Christopher: Nope. clientAuth="false" means that the webapp's web.xml specifies which resources require the client certificate. See the Connector doc page's description of the accepted values for the clientAuth attribute:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

"clientAuth" is a rather confusing name for this attribute since a value of "false" makes it appear as though client certs won't be used, which isn't really how it works. Less confusing names might be "clientAuthChallenge" or "clientAuthRequired" with values such as "always", "want", and "protected".

-- Jason Brittain

On Thu, Feb 18, 2010 at 1:29 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Kevin,
>
> On 2/17/2010 7:24 PM, Kevin Mills wrote:
> > Sure thing - here is my Connector element:
> >
> > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> > maxThreads="50" scheme="https" secure="true"
> > keystoreFile=".../tomcat.keystore" keystorePass="..."
> > clientAuth="false" sslProtocol="TLS"
>
> Stupid question: don't you want clientAuth="true"?
>
> -chris
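
The arrangement described in the reply above, written out as an added example that is not part of the original thread: the Connector keeps clientAuth="false" and the webapp's web.xml names the resources that require a certificate. The truststore path and password, the /secure/* pattern and the certuser role are placeholders chosen for illustration.

```xml
<!-- conf/server.xml (fragment). clientAuth="false": no certificate is
     demanded at connection time; Tomcat asks for one only when a request
     reaches a resource protected by a CLIENT-CERT constraint in web.xml.
     The other documented values are "true" (always require a valid
     certificate chain) and "want" (request one, but accept the connection
     without it). -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="50" scheme="https" secure="true"
           keystoreFile="/path/to/tomcat.keystore" keystorePass="CHANGE_ME"
           truststoreFile="/path/to/client-ca.truststore"
           truststorePass="CHANGE_ME"
           clientAuth="false" sslProtocol="TLS" />
<!-- truststoreFile holds the CA certificates used to validate client
     certificates; both paths and passwords here are placeholders. -->

<!-- WEB-INF/web.xml (fragment, placed inside <web-app>) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Certificate-protected area</web-resource-name>
    <!-- Placeholder pattern: only these URLs trigger the certificate
         request; everything else in the webapp stays reachable over
         plain server-authenticated TLS. -->
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Placeholder role: the configured Realm must contain a user that
         matches the certificate's subject and holds this role. -->
    <role-name>certuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Force HTTPS for the protected URLs. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>certuser</role-name>
</security-role>
```

If every request to the connector must present a certificate regardless of web.xml, clientAuth="true" is the setting that enforces it at the TLS handshake.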