Hello.
I'm using Tomcat 7.0.with Java 7.0. I'm trying to create a webapp with needs a client certifiacte authentification. Normal client certifiacte authentfication works well and I can compute the desired certificate data. The clientauth parameter in the https connector is set to false. In my webapp is a security-constraint registred for a url space, like /secure/*. If authentifications fails, a ugly browser error page occurs. A new authentification try can only be attempt after reopen the browser. I already noticed setting server wide clientauth to "want", I receive a tomcat 401 http error page (which can be customized) if no client certificate was found on a protected resource. But entering a bad passphrase shows a ugly browser error page again. Is there a way to deal with that? I believe the user acceptance will be low with that behavior. Best regards Johannes.
signature.asc
Description: OpenPGP digital signature
