then it really has nothing to do with Tomcat. Your ASPs need to implement SSL (sorry i'm not versed in ASP :)
In Java you would need to import the client certificate (if not certified by a certified CA) into the JVM and tell it to trust it explicitly. d. Anthony Geoghegan wrote: > What if the client isn't a browser but a Microsoft ASP based HTTPXML call? > > Best Regards, > Anthony Geoghegan. > J2EE Developer > CPS Ireland Ltd. > ----- Original Message ----- > From: "Craig R. McClanahan" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Wednesday, July 17, 2002 5:09 PM > Subject: RE: client authorization. > > > >> >>On Wed, 17 Jul 2002, Tathagat (London) wrote: >> >> >>>Date: Wed, 17 Jul 2002 16:03:30 +0100 >>>From: "Tathagat (London)" <[EMAIL PROTECTED]> >>>Reply-To: Tomcat Users List <[EMAIL PROTECTED]> >>>To: 'Tomcat Users List' <[EMAIL PROTECTED]> >>>Subject: RE: client authorization. >>> >>>They only describe how to get a certificate on server side. I mean >> > server > >>>can show a certificate to client, but it does not say how do the client >>>sends a certificate to the server. >>> >> >>You need to import a *client* certificate into your browser (following the >>procedures for your browser -- it has nothing to do with Tomcat). >> >>Then, when the server is set up to challenge for client certificates >>(which it will if you use CLIENT-CERT as the authentication mechanism, or >>you've set the "clientAuth" attribute on the HTTPS connector), the browser >>will pop up a dialog asking you which of your client certificates you want >>to send in response. >> >> >>>I think we need to find this thing out., >>> >> >>Craig >> >> >> >>>-----Original Message----- >>>From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] >>>Sent: Wednesday, July 17, 2002 16:59 >>>To: Tomcat Users List >>>Subject: Re: client authorization. >>> >>> >>> >>> >>>On Wed, 17 Jul 2002, Anthony Geoghegan wrote: >>> >>> >>>>Date: Wed, 17 Jul 2002 11:18:33 +0100 >>>>From: Anthony Geoghegan <[EMAIL PROTECTED]> >>>>Reply-To: Tomcat Users List <[EMAIL PROTECTED]> >>>>To: Tomcat Users List <[EMAIL PROTECTED]> >>>>Subject: client authorization. >>>> >>>>Is it possible to use client certificate authorization without a >>> > password > >>>>and its associated dialog? >>>> >>> >>>Tomcat 4.x can do this. See the docs for the version of Tomcat you are >>>using: >>> >>>http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html >>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html >>> >>> >>>>Best Regards, >>>>Anthony Geoghegan. >>>>J2EE Developer >>>>CPS Ireland Ltd. >>> >>>Craig >>> >>> >>> >>>> >>>>-- >>>>To unsubscribe, e-mail: >>> >>><mailto:[EMAIL PROTECTED]> >>> >>>>For additional commands, e-mail: >>> >>><mailto:[EMAIL PROTECTED]> >>> >>>> >>> >>>-- >>>To unsubscribe, e-mail: >>><mailto:[EMAIL PROTECTED]> >>>For additional commands, e-mail: >>><mailto:[EMAIL PROTECTED]> >>> >>> >>>---------------------------------------------------------------------- >>>If you have received this e-mail in error or wish to read our e-mail >>>disclaimer statement and monitoring policy, please refer to >>>http://www.drkw.com/disc/email/ or contact the sender. >>>---------------------------------------------------------------------- >>> >>> >>>-- >>>To unsubscribe, e-mail: >> > <mailto:[EMAIL PROTECTED]> > >>>For additional commands, e-mail: >> > <mailto:[EMAIL PROTECTED]> > >>> >> >>-- >>To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > >>For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > >> > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > -- David Mossakowski [EMAIL PROTECTED] Instinet Corporation 212.310.7275 ******************************************************************************* <<Disclaimer>> This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and/or CONFIDENTIAL or both. This email is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this email is not an intended recipient, you have received this email in error and any review, dissemination, distribution or copying is strictly prohibited. If you have received this email in error, please notify the sender immediately by return mail and permanently deleting the copy you received. Thank you. ******************************************************************************* -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
