Thank you ever so much. The certificates will be for a subset of my clients
and so I am not that worried. I really appreciate your help.

-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED] 
Sent: 23 May 2005 23:13
To: Tomcat Users List
Subject: Re: Client Authentication certificates

Mark Benussi wrote:
> Can I build a root certificate that is not signed by someone like Verisign
> or any other trusted root? (This is a cost issue).
Yes, but then people have to trust your root certificate. One of the
services Verisign and the other CAs offer (depending on the type of
certificate you get) is the verification of the entity that possesses the
private key associated with the certificate.

> Can I implement the Client Authentication on a server which does not have
> SSL implemented?
No. SSL is a pre-requisite for CLIENT-CERT authentication

> Can I implement the Client Authentication on a server which already has an
> SSL certificate, signed by someone like Verisign and effectively run both?
Yes, with some caveats.

A Tomcat connector is SSL enabled or not. It can not be both.
Tomcat can have multiple SSL enabled connectors but they must use
different ports.
Each Tomcat SSL connector can be associated with one, and only one,
certificate.

HTH,

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
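
The two-connector layout described in the reply above, written out as an added configuration example (not part of the original thread). It assumes the legacy JSSE connector attributes documented for Tomcat 5.5; ports, file names, passwords, the URL pattern and the role name are placeholders.

```xml
<!-- conf/server.xml (fragment, inside <Service>) -->

<!-- Connector 1: existing HTTPS port. Its keystore holds the server
     certificate signed by the commercial CA. No client certificate is
     requested on this port. -->
<Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="false"
           keystoreFile="conf/public-server.jks" keystorePass="CHANGE_ME"/>

<!-- Connector 2: separate port that requires a client certificate.
     The truststore contains ONLY the private root certificate, so a
     client certificate chaining to any other CA fails the handshake.
     The keystore holds the one server certificate for this connector. -->
<Connector port="8444" scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="true"
           keystoreFile="conf/clientauth-server.jks" keystorePass="CHANGE_ME"
           truststoreFile="conf/private-root-truststore.jks"
           truststorePass="CHANGE_ME"/>

<!-- WEB-INF/web.xml (fragment) of the application that uses CLIENT-CERT -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>client-area</web-resource-name>
    <url-pattern>/clients/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>client</role-name>
  </auth-constraint>
  <!-- CONFIDENTIAL forces SSL, which CLIENT-CERT depends on -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>client</role-name>
</security-role>
```

The configured Realm still has to map each certificate's subject to a user holding the `client` role; a valid chain to the private root only gets the client through the handshake.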

