Hi,

> The issue seems to be with the IE/Tomcat handshake. When IE hits my Tomcat site, it
> puts up a dialog with a title of "Choose a Digital Certificate". However the list of
> certificates to choose from is empty.
> The certificates are loaded into my IE browser. It seems to work with IIS. When I
> hit an IIS site, the same form comes up, but the form is pre-populated with the list
> of certificates.
> Why doesn't IE show the certificates when accessing Tomcat but does when accessing
> IIS?

Most probably, your Tomcat connector does not trust the CA from your smartcard. As you configured clientAuth="true", you make the connector request a client cert. The connector will send all the CAs it trusts to the client, and your client will present the fitting ones for you to select from. When the server (in this case the Tomcat connector) trusts no CAs your client has certificates from, you'll see the empty list.

I can only guess that your IIS has the CA from your smartcard already imported. To fix it for Tomcat you need to append the following to your connector's configuration:

truststoreFile="conf/trust.keystore"
truststorePass="i_wont_say"

You need to put the CA cert (and all CA certs above that one) into the referenced trust keystore.

Kind regards,
Alexander Jung
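Added example, not part of the original message: a small Python check that reads the CA names a server advertises (as printed by `openssl s_client`) and models which client certificates would be listed before and after the CA is added to the truststore. The output excerpts, DNs and certificate labels are constructed, and the issuer-matching filter is an assumed model of the client's selection.

```python
import re

# Constructed excerpts of `openssl s_client` output (not real captures).
BEFORE = """\
Acceptable client certificate CA names
/C=US/O=Public CA Inc/CN=Public Root CA
---
"""
AFTER = """\
Acceptable client certificate CA names
/C=DE/O=Example Corp/CN=Example Smartcard Issuing CA
/C=DE/O=Example Corp/CN=Example Root CA
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
"""
# Constructed client store: (label, issuer DNs up the chain).
CLIENT_CERTS = [
    ("smartcard cert", ["C = DE, O = Example Corp, CN = Example Smartcard Issuing CA",
                        "C = DE, O = Example Corp, CN = Example Root CA"]),
    ("unrelated cert", ["C = FR, O = Other Org, CN = Other CA"]),
]

def parse_dn(text):
    """Normalise '/C=DE/CN=x' or 'C = DE, CN = x' (assumes no '/' or ',' in values)."""
    pairs = (p.split("=", 1) for p in re.split(r"/|,\s*", text.strip()) if "=" in p)
    return tuple((k.strip().upper(), v.strip().lower()) for k, v in pairs)

def advertised_cas(s_client_output):
    """CA names the server listed in its certificate request."""
    cas, collecting = [], False
    for line in map(str.strip, s_client_output.splitlines()):
        if line == "Acceptable client certificate CA names":
            collecting = True
        elif collecting:
            if line == "---" or line.startswith(("Client Certificate Types", "Requested Signature")):
                break
            if line:
                cas.append(parse_dn(line))
    return cas

def offered(client_certs, cas):
    """Certificates a client would list for the given advertised CA names."""
    if not cas:  # TLS 1.2 (RFC 5246): an empty list permits any certificate
        return [label for label, _ in client_certs]
    return [label for label, issuers in client_certs
            if any(parse_dn(i) in cas for i in issuers)]

for name, out in (("before", BEFORE), ("after", AFTER)):
    print(name, offered(CLIENT_CERTS, advertised_cas(out)))
```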