-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ralph,
On 6/30/2010 5:07 PM, Ralph Carlson wrote: > (d) have client Authorization on - with it off tomcat ssl works just fine, > when its turned on I get this error > so far I have been following the steps listed in this tomcat user group > message > http://marc.info/?l=tomcat-user&m=106293430225790&w=2 Try something a bit more recent than 2003. I was able to get client certs working with my own CA, and I was manually checking the client cert instead of having Tomcat do it. However, if your code can do it, so can Tomcat. Try reading-through this thread: http://markmail.org/message/kzxsamuiu6bldjmv > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > clientAuth="true" > keystoreFile="/server.ks" > keystorePass="[...]" > sslProtocol="TLS" /> I think you also need a truststoreFile and friends. Try re-reading the <Connector> documentation at http://tomcat.apache.org/tomcat-6.0-doc/config/http.html specifically looking for "client cert". - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwr8f0ACgkQ9CaO5/Lv0PDFxQCcDrMdAJbl0adm44Dgnyd6fWqV aPEAnjPNCOXwmU847G/7IvZuBU9hnK2A =mNS+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org