Hi Hassan,
Thanks for your answer. Yes, I've already tried your suggestion. Both
with the java.security.cert.CertificateExpiredException and the
javax.net.ssl.SSLHandshakeException, but the problem remains. As I can
see, the exception is thrown somewhere inside Tomcat, before handling
control to the webapplication. Hence, the exception is not "catchable"
inside my webapplication, but is to be handled in some other way
"inside" the Tomcat engine.
...Suggestions are still very welcome :-)
regards,
kews
Hassan Schroeder wrote:
On 11/1/06, Subscriber <[EMAIL PROTECTED]> wrote:
Hi,
I've configured Tomcat 5.5.17 to use CLIENT-CERT as authentication
mechanism via web.xml in my web application. This works as expected and
the user gets prompted for a certificate. I'm facing a problem, because
when the user supplies a certificate that has expired Tomcat throws an
exception in the log like this:
INFO: SSL Error getting client Certs
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateExpiredException: NotAfter: Thu Jan 19
08:40:14 CET 2
006
My problem is, that I would like to handle the case myself and avoid
exceptions in the log and present the user with a good error message. In
this case, the user has no clue what-so-ever of what happened because
the error remains within Tomcat. What can I do to catch the error myself?
Have you tried something like this in your web.xml?
<error-page>
<exception-type>java.security.cert.CertificateExpiredException</exception-type>
<location>/WEB-INF/errors/expired.jsp</location>
</error-page>
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
