Thanks for your reply. This would be one possibility. I tried to realize this, but in some cases a browser specific error page is displayed instead of a customizable tomcat error page. For example if in the server.xml clientauth="true" you dont get any http error codes.
OK, the http traffic happens after ssl authentification, so I can imagine that this has good reasons. But maybe there is a way... Am 08.05.2015 um 08:28 schrieb Violeta Georgieva: > Hello, > > 2015-05-07 20:54 GMT+03:00 Johannes <jo...@posteo.de>: >> >> >> >> Hello. >> >> I'm using Tomcat 7.0.with Java 7.0. >> I'm trying to create a webapp with needs a client certifiacte >> authentification. >> Normal client certifiacte authentfication works well and I can compute >> the desired certificate data. The clientauth parameter in the https >> connector is set to false. In my webapp is a security-constraint >> registred for a url space, like /secure/*. >> >> If authentifications fails, a ugly browser error page occurs. A new >> authentification try can only be attempt after reopen the browser. >> >> I already noticed setting server wide clientauth to "want", I receive a >> tomcat 401 http error page (which can be customized) if no client >> certificate was found on a protected resource. But entering a bad >> passphrase shows a ugly browser error page again. >> >> Is there a way to deal with that? I believe the user acceptance will be >> low with that behavior. > > Consider providing your own error pages thus you can setup them with you > company branding. > > Best Regards, > Violeta > >> Best regards Johannes. >> >
signature.asc
Description: OpenPGP digital signature
