On 2/18/10, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> Stupid question: don't you want clientAuth="true"?
>
In this particular case, no. I don't want to force client certificate authentication for all SSL connections coming to port 8443. Instead, I am looking to do client certificate authentication on a per-webapp basis. As Mark pointed out, however, this opens up a potential man-in-the-middle attack so I'm still investigating other ways to accomplish this.