André,

On 3/31/2009 9:28 AM, André Cruz wrote:
> I'm coding a servlet that does SSL client cert authentication. The
> requests already arrive on an SSL connector but for this servlet in
> particular the SSL connection needs to be renegotiated to ask for a
> client certificate. Is there any way to do this inside a servlet? With or
> without APR?

I think you just want to set the clientAuth attribute on your connector:

<Connector ... clientAuth="want" />

See
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
and
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

If you use "want", then a certificate will be available if one is
provided. If it is /not/ provided, then you will get NULL when you ask
for it. I don't know if there's a way to force the browser to
"renegotiate" the SSL connection and provide a certificate the second
(or third...) time around.

-chris
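
As an added example (not part of the original message or of Tomcat's own code), this is how a servlet can handle the null case described in the reply when the connector uses clientAuth="want". The class name ClientCertServlet and the allow-listed subject are hypothetical; the request attribute name is the standard Servlet API one.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; assumes the connector is configured with clientAuth="want".
public class ClientCertServlet extends HttpServlet {
    // Standard Servlet API attribute holding the client's certificate chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Constructed sample subject (RFC 2253 form); replace with your own policy.
    private static final Set<String> ALLOWED_SUBJECTS =
            Collections.singleton("CN=example-client,O=Example Org,C=US");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        // With "want" the handshake succeeds without a certificate, so the
        // attribute is null and the servlet itself must enforce the requirement.
        if (chain == null || chain.length == 0) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        X509Certificate leaf = chain[0]; // the client's own certificate comes first
        try {
            // Re-check the validity period; chain trust is decided by the
            // connector's truststore during the handshake, not here.
            leaf.checkValidity();
        } catch (CertificateException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Certificate not valid");
            return;
        }
        // Authentication is not authorization: map the subject to an allow-list.
        String subject = leaf.getSubjectX500Principal().getName();
        if (!ALLOWED_SUBJECTS.contains(subject)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Subject not authorized");
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Authenticated as " + subject);
    }
}
```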
