André,

On 3/31/2009 9:51 AM, André Cruz wrote:
> On Mar 31, 2009, at 14:44 , Christopher Schultz wrote:
>> <Connector ... clientAuth="want" />
> 
> The problem with "want" is that, at least with IE, the browser always
> prompts the user for a certificate.

Hmm... that's not supposed to happen :(

I've never used client-cert, so I don't have any particular advice for
you, unfortunately.

What I do know is that the <Connector> element is pretty global... you
can't have it ask for certs for some requests and not others. Also, your
code won't be able to touch anything until after the SSL negotiation is
over, so you can't modify the SSL settings or anything like that.

Your only other option for Tomcat is to configure another <Connector>
which would require a different IP or port number, which makes it ...
inconvenient at best.

> I just want the prompt to appear when a specific servlet is requested. I
> can do this with Apache and <Location> directives but I would like to
> use a tomcat-only configuration.

I think httpd might be required, here, but I'd love to hear what others
have to say. If you don't hear anything else for a day or so, re-post a
new message with something like "CLIENT-CERT 'want' asks for cert on
MSIE" or something like that. I'm certain that 'want' is not supposed to
ask the remote user for a cert.

Hmm... maybe I'm wrong. See section 5.1 of this page:
http://jack.godau.googlepages.com/jbosscertificatesandopenssl

-chris
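The two-`<Connector>` option mentioned in the message above, sketched as a `conf/server.xml` fragment; this is an added example, not configuration posted by anyone in the thread. It assumes the JSSE HTTPS connector attributes of Tomcat releases from that period (`clientAuth`, `keystoreFile`, `truststoreFile`); the port numbers, file paths and passwords are placeholders.

```xml
<!-- Added example: goes inside the existing <Service> element of conf/server.xml.
     Ports, paths and passwords below are placeholders (assumptions). -->

<!-- Ordinary HTTPS listener: the server never asks for a client certificate
     during the handshake, so browsers show no certificate prompt here. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="/path/to/server-keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="false" />

<!-- Second HTTPS listener on its own port: the handshake fails unless the
     client presents a certificate that chains to a CA in the truststore.
     Use clientAuth="want" instead to request a certificate without
     rejecting clients that send none. -->
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="/path/to/server-keystore.jks"
           keystorePass="CHANGE_ME"
           truststoreFile="/path/to/client-ca-truststore.jks"
           truststorePass="CHANGE_ME"
           clientAuth="true" />
```

Both connectors feed the same web applications, so the protected servlet stays reachable on port 8443 as well. The servlet therefore has to verify for itself that a certificate was presented (the `javax.servlet.request.X509Certificate` request attribute) instead of relying on the port alone.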