Hi,
I am using clientAuth on Tomcat 5.5.30, JVM version 1.6.0_21-b06 from Sun on Linux. The client certificates are self-generated and signed as I am acting as CA for the client certificates. Authentication is working as expected until the certificate expiry date is reached which is when I am getting "ssl_error_certificate_unknown_alert" errors returned and the connection is refused. I would like Tomcat to be more tolerant and continue accepting the certificate even after its expiration. Is there a way to change the configuration such that this can be achieved? Note: Sun's JSSE implementation by default (in contrast to IBM's) accepts expired self-signed certificates - I also found this to be the case when my Java application is communicating direct with an Apache Derby Data Base Server running SSL. I would like the same tolerance and behaviour be evidenced when connecting via Tomcat in a web/browser based application environment.

Thanks
Thomas

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to