On 6/2/22 14:38, Beard, Shawn wrote: > I've never done this. But I think it would go something like this: > To make tomcat take advantages of Client Authentication, require three > certificates. i.e A Server Certificate for Tomcat, Client Certificate > for the browser/Apache and Certificate of the CA which will sign both > the above mentioned certificates.
Stop. John: if you aren't using client TLS certs with your end-users, then this is a rathole you don't want to go down.
If you *do* need to use client-TLS-auth, then this is correct. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org