Found a solution to this. In case anyone is interested, I gave my server two IP addresses and used two connectors with the two IP addresses in the "address=" field of the connectors. I set one of them to clientAuth="true" and the other to clientAuth="false". I do have to do a "redirect" from one to the other when I would've preferred to "forward", but otherwise this solution works.
-----Original Message-----
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
Sent: Thursday, February 09, 2012 11:18 AM
To: Tomcat Users List
Subject: controlling Server Authentication only vs Mutual authentication

Hi,

I work on a Java web-app running on Tomcat 7. The entire application is required to be doing SSL on port 443 (everything is accessed via https://). Two different login options are given to the user: username/password or client certificate authentication. We employ application-managed security as opposed to container-managed (i.e. we don't use realms).

I have the following connector in my server.xml:

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="d:\certs\server_cert.jks" keystorePass="changeit"
               truststoreFile="d:\certs\truststore.jks" truststorePass="changeit"
               clientAuth="true" sslProtocol="TLS" />

This forces mutual authentication on anything I try to access using https. How can I configure Tomcat so that only specific links (a specific struts action for example) would require mutual authentication, or how can I exclude from the mutual authentication?

Thanks,
Sanjeev.