I have noticed that in Tomcat 8.5.15 on the Windows Server 2008 operating system the way that Tomcat presents user certificates has changed. I have a trust store that I use on the Tomcat 8.5.14 version that has only DoD intermediate Email certificates, which makes it so that when users go to the site they are prompted for only their email cert. When upgrading to 8.5.15 I used the same trust store and it now prompts for all certificates on the computer.

I am not sure if that is intended behavior or an oversight, but it is kind of confusing to users to be presented certificates that they can't use. Another reason for having them only select the email cert is that only the email certificate contains the information that we need to get their user ID.

I want to see if anyone else is having this issue, or if anyone has noticed that when specifying a trust store in Tomcat 8.5.15 it will present the user with all the certificates they have rather than only the ones that the trust store will accept.

To rule out an issue with my server.xml, I have installed both 8.5.15 and 8.5.14 on the server and used the exact same server.xml file, and I see that the 8.5.14 version will ask the user for only 1 cert and that the 8.5.15 version will ask the user for all certs. If anyone has a fix for this, or might know what is going on, or if there is an extra configuration needed, that would be helpful.
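A TLS server that requests a client certificate can send a list of acceptable CA names, and browsers use that list to decide which certificates to offer. The following is an added example, not part of the original post or of Tomcat: it compares the CA names each Tomcat version advertises, as reported by `openssl s_client -connect <host>:<port>`. The sample outputs and CA names are constructed, and the function names are hypothetical.

```python
import re

# Constructed s_client excerpts (not captured from any real server).
SAMPLE_OLD = """\
---
Acceptable client certificate CA names
C = US, O = Example Org, OU = PKI, CN = EXAMPLE EMAIL CA-1
C = US, O = Example Org, OU = PKI, CN = EXAMPLE EMAIL CA-2
Client Certificate Types: RSA sign, ECDSA sign
---
"""
SAMPLE_NEW = """\
---
No client certificate CA names sent
Client Certificate Types: RSA sign, ECDSA sign
---
"""

# Lines such as "Client Certificate Types: ..." end the CA name list.
_FIELD = re.compile(r"^[A-Za-z ]+:")

def advertised_cas(s_client_output):
    """Return the CA DNs the server advertised, [] if s_client reports that
    none were sent, or None if neither marker is present (e.g. failed handshake)."""
    lines = [l.strip() for l in s_client_output.splitlines()]
    for i, line in enumerate(lines):
        if line == "No client certificate CA names sent":
            return []
        if line == "Acceptable client certificate CA names":
            names = []
            for entry in lines[i + 1:]:
                if not entry or entry == "---" or _FIELD.match(entry):
                    break
                names.append(entry)
            return names
    return None

def compare(old_output, new_output):
    """Summarise how the advertised CA list differs between two servers."""
    old, new = advertised_cas(old_output), advertised_cas(new_output)
    return {
        "dropped": sorted(set(old or []) - set(new or [])),
        "added": sorted(set(new or []) - set(old or [])),
        # An empty list gives the client nothing to filter its certificates on.
        "new_is_unfiltered": new == [],
    }

if __name__ == "__main__":
    print(compare(SAMPLE_OLD, SAMPLE_NEW))
```

If the list from the newer version is empty or contains more issuers than the trust store holds, the difference is in what the server sends rather than in the browser.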