I'm sure this is in the Tomcat docs, but the set of trusted Root CAs is
determined by the collection in the truststoreFile attribute on the <Connector
... /> element in server.xml (assuming you are not using the tcnative
connector). If this is omitted, then it defaults to the trusted CAs provided
by your JVM vendor.
Assuming that you are not using AJP/1.3, then the complete chain is available
via:
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
"Steffen Heil" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
Hi
I need to setup tomcat to use https certificates for client authentication.
Does anyone have a working example for this?
Which certificates does tomcat accept in that case?
Which way can be used by the appliaction to detect which certificate was used?
Regards,
Steffen
