Thank you.

So did you load the CA root cert (self-signed "top of chain") into the
truststoreFile via keytool?

Also, does your web app's web.xml have the following?
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
and
  <security-constraint>
  ...
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>




________________________________
From: Goo Sam Kong <[email protected]>
To: Tomcat Users List <[email protected]>
Sent: Tue, April 6, 2010 10:21:49 PM
Subject: Re: smartcards for tomcat webapps

On 6 April 2010 20:39,  <[email protected]> wrote:
> Anyone using smartcards for auth?
>
> If so, have specific example code excerpt and server.xml?
The minimum configuration change required for the HTTPS connector in
server.xml is to add the attributes below and amend the value of the
clientAuth attribute from false to true or want.

1. truststoreFile
2. truststorePass
3. truststoreType

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 connectionTimeout="15000" -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="want/true" sslProtocol="TLS"
               truststoreFile="xxxx" truststorePass="xxx" truststoreType="xxx" />

No code change is required on the server side.

Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for
SSL configuration in server.xml.
>
>
> Sent from my Verizon Wireless BlackBerry
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
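
Added example (not part of the original thread and not Tomcat code): a small Python check that reads a server.xml and a web.xml and reports which of the settings named in this thread are missing, including the case where clientAuth="want" is used without a CLIENT-CERT login-config. The function name audit, the sample file contents, the truststore path and the password are constructed for illustration, and the HTTPS connector is assumed to be the one with scheme="https" as in the snippet above.

```python
import xml.etree.ElementTree as ET

TRUST_ATTRS = ("truststoreFile", "truststorePass", "truststoreType")

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop a namespace prefix such as {http://...}

def _texts(root, name):
    return [(e.text or "").strip() for e in root.iter() if _local(e.tag) == name]

def audit(server_xml, web_xml):
    """Return a list of findings; empty means every setting from the thread is present."""
    findings = []
    connectors = [c for c in ET.fromstring(server_xml).iter("Connector")
                  if c.get("scheme") == "https"]
    if not connectors:
        findings.append('server.xml: no Connector with scheme="https"')
    for c in connectors:
        port = c.get("port", "?")
        mode = c.get("clientAuth", "false")
        if mode not in ("true", "want"):
            findings.append(f"server.xml:{port}: clientAuth={mode!r}, expected true or want")
        for attr in TRUST_ATTRS:
            if not c.get(attr):
                findings.append(f"server.xml:{port}: {attr} is not set")
    web = ET.fromstring(web_xml)
    cert_login = "CLIENT-CERT" in _texts(web, "auth-method")
    if not cert_login:
        findings.append("web.xml: login-config auth-method is not CLIENT-CERT")
    if "CONFIDENTIAL" not in _texts(web, "transport-guarantee"):
        findings.append("web.xml: no transport-guarantee CONFIDENTIAL")
    # clientAuth="want" lets the TLS handshake finish without a certificate, so
    # only the web.xml CLIENT-CERT constraint rejects the request afterwards.
    if any(c.get("clientAuth") == "want" for c in connectors) and not cert_login:
        findings.append("clientAuth=want without CLIENT-CERT: certificate is optional")
    return findings

# Constructed sample input modelled on the fragments quoted in the thread.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             clientAuth="want" truststoreFile="conf/trust.jks"
             truststorePass="changeit" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint><user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint>
</web-app>"""
```

Calling audit(SERVER_XML, WEB_XML) on the constructed sample returns three findings: the missing truststoreType, the missing CLIENT-CERT login-config, and the resulting optional-certificate condition.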
