On Tue, 26 Apr 2011 20:44:38 +0200, Thomas Hill wrote:
Hi,
I am using clientAuth on Tomcat 5.5.30, JVM version 1.6.0_21-b06 from
Sun on Linux. The client certificates are self-generated and signed as
I am acting as CA for the client certificates. Authentication is
working as expected until the certificate expiry date is reached which
is when I am getting "ssl_error_certificate_unknown_alert" errors
returned and the connection is refused. I would like Tomcat to be more
tolerant and continue accepting the certificate even after its
expiration. Is there a way to change the configuration such that this
can be achieved?
Note: Sun's JSSE implementation by default (in contrast to IBM's)
accepts expired self-signed certificates - I also found this to be the
case when my Java application is communicating direct with an Apache
Derby Data Base Server running SSL. I would like the same tolerance
and behaviour be evidenced when connecting via Tomcat in a web/browser
based application environment.
I haven't tried it, but it looks like the attribute 'trustManagerClassName' should
help you with tomcat 7.11 and newer.

I do wonder, why you want expired certificates to be still valid, if you are the ca
anyway and could certainly sign new for free.

Bye
 Felix

Thanks
Thomas

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to