Mahesh S Kudva wrote:

How can I have different certificate authentication for different applications and skip certificate authentication for some applications hosted on the same server?

I believe that, at least under SSL, certificates authenticate
*servers* not applications, and that the Connector offers a
certificate before it checks, or regardless of, the context
path within that server.

So you need to deploy each app at a different (virtual) host,
each with a different IP address.  We do this currently with
5.5.9.  You can use the default keystore for all hosts, and
use the (undocumented) keyAlias="myalias" Connector attribute
to offer the appropriate certificate for each host, e.g.

                <Connector
                  address="288.104.197.211"
                  port="8443"
                  scheme="https"
                  secure="true"
                  sslProtocol="TLS"
                  keyAlias="mrk2"
                />

(in 5.5.9 you also need sslProtocol="TLS" explicitly)

Paul Singleton
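
An added example, not part of the original post: a small audit of a server.xml for the setup described above, checking that each HTTPS Connector is bound to its own address and names its own keyAlias. The sample XML, the addresses, the alias names and the clientAuth values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (RFC 5737 documentation addresses, made-up aliases).
SAMPLE = """
<Server>
  <Service name="Catalina">
    <Connector address="192.0.2.10" port="8443" scheme="https" secure="true"
               sslProtocol="TLS" keyAlias="app1" clientAuth="true"/>
    <Connector address="192.0.2.11" port="8443" scheme="https" secure="true"
               sslProtocol="TLS" keyAlias="app2" clientAuth="false"/>
    <Connector port="9443" scheme="https" secure="true" sslProtocol="TLS"/>
    <Connector port="8080"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return (connector label, finding) pairs for the HTTPS connectors."""
    root = ET.fromstring(server_xml)
    tls = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    aliases = Counter(c.get("keyAlias") for c in tls if c.get("keyAlias"))
    sockets = Counter((c.get("address"), c.get("port")) for c in tls)
    findings = []
    for c in tls:
        addr, port, alias = c.get("address"), c.get("port"), c.get("keyAlias")
        label = f"{addr or '*'}:{port}"
        if addr is None:
            # Without address= the connector listens on every local IP,
            # so it cannot be tied to one virtual host.
            findings.append((label, "no address attribute"))
        if alias is None:
            # Without keyAlias= the connector is not pinned to one keystore entry.
            findings.append((label, "no keyAlias attribute"))
        elif aliases[alias] > 1:
            findings.append((label, f"keyAlias '{alias}' shared with another connector"))
        if sockets[(addr, port)] > 1:
            findings.append((label, "address and port duplicated"))
    return findings

if __name__ == "__main__":
    for label, finding in audit_connectors(SAMPLE):
        print(f"{label}: {finding}")
```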

