Thanks Charles. Ok getting back to it after a looong break... I looked at the ssl traces and looks like client is sending server an Alert (21) Warning (close notify) but, server (tomcat) seems to ignore it! Is there a way (config) to force tomcat to renegotiate ? I even tried to invoke Tomcat action code ACTION_REQ_SSL_CERTIFICATE which, I thought should force renegotiation but still does not. I still see the same behavior where Tomcat just uses cached certificate!!!
Versions : Tomcat 5.5.27 with Java 1.6.0_11 on SLES10. Any help is appreciated... Thanks Caldarale, Charles R wrote: > >> From: atul [mailto:techat...@yahoo.com] >> Subject: Re: Force getting Client Cert from browser >> >> I tried invalidating httpsession but that didnt work. > > I'm a bit surprised at that, but I haven't gone through the code enough to > figure out why that didn't work. There's a tangentially related thread > here: > http://marc.info/?l=tomcat-user&m=120092922008604&w=2 > >> Also, in a deployment where if a machine is shared by >> multiple users and user1 forgets to close the browser before >> leaving, the user can log right in as user1. > > A problem in any environment that has shared access points, not unique to > using certificates for client authentication. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Force-getting-Client-Cert-from-browser-tp20155194p23286972.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org