-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John,
On 2/12/19 12:21, John Palmer wrote: > using the old Connector/clientAuth="true" or the new > Connector/SSLHostConfig/ > certificateVerification="REQUIRED" (tried lowercase and without the > D) format..doesn't seem to work properly. > > no matter what value I use or which format... the behavior seems to > be that the client cert is prompted for, but is optional.... (the > web pages are shown whether a cert is selected or Cancel is > selected on the prompt. (in the latter case, a JSP scriplet that > shows X509 certificate content throws an error, confirming that the > client certifcate was not sent). > > (Openssl s_client cmd confirms that the "Acceptable client > certificate CA names" from the trustStore specified ARE being > sent). > > I don't doubt that I'm missing (mistyping or misunderstanding) > something (again), but I'm gonna ask for help a little sooner this > time rather than continuing to beat a dead horse :) ... Can you copy/paste your actual configuration? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxjAhUACgkQHPApP6U8 pFiS8A//QFTFb+JC6n/QJ+KPZKZ5VYsNavfCZD5bkwoWByrO2KLoYQuzEyBMFHHr qXZ/Ry1dtW2IYbxP29BopteKx/kdFBe554MoXiDUdKYJSZa3d4Bgq1qkRjRvZ7Xq kago/cVz/ZmFK9xIYwz1mK1M4WfYCFA8BgIvyp9pQIGMzxCHSn8ull541XtFJrAz VBH64+3WGhpFjv6vsAwC4MVZY9lwc/2wEXD6k5cnscyHHJQbH3fWwjmpQZgT0PXf Q4g49YSTjBvvWu9QLE3Vq0QoqGmSnrCj8QjRVp4v5ot5JyxYXfjYY4/Gclu46x1a IFy+K5hQ7YTNTzkKczT+UZGGCBfxiyW6NVC7tBkVx6t8WPJbIwD1/CUYzEmw6x7P 2IKuwCCkDyApzmU2QYzL7jDeEFuN98URQwhQz+mvRKdQGW5D9C58E8Ka8EEazxgF dtstzkDeSNA9GEGJbk4H4e6+wiEjbCyBUj2zmxVYYYClA9oVa1888aEzDbSwJB15 eIwYnRal8RJ0hNt3ATh2lPV2NQHt168rf5Y3GMUPbO3kT7uKSjB7p/sJ8zWRxpMw gL7JxqlGT3RN7wsAe4H84bucgJsIPj5IMoNYILFLMCpiZD9xrpK0d/QVtM2rd3B4 cNZ6cRGiF1hU/BS9Xq6ZVYMMA2G54BRFFEtkhERpLte+3aLPixw= =fdPZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org