I'm using tomcat 5.0.19, and I got the client authentication up and running using the information on the Tomcat site.
I've never tried it on tomcat 4.0, I'm afraid. I had too many problems using SSL + tomcat on that version so I moved to the latest at that time. moneyline telerate Keir Bowden Development Consultant Winchmore House, 15 Fetter Lane, London EC4A 1BW telephone 020 7832 9839 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> www.moneyline.com > -----Original Message----- > From: Daniel S�nchez G�mez [mailto:[EMAIL PROTECTED] > Sent: 27 August 2004 10:33 > To: Keir Bowden > Subject: Re[2]: HTTPs with Axis > > > Hi, > > I've read the link, > > KB> http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html > > in his reporte he mentions: > [...] > >Tomcat 4.0.1 doesn't seem to support client authentication. > I did not > >find any attribute of element Factory to specify the > truststore and its > >password. A truststore is needed to verify the certificate > presented by > >a client. As I have the client's certificate exported to the same > >keystore file, I tried just setting the attribute clientAuth > to true. > >But this didn't work. > > How can I get this? > > >However, you can supply the truststore and its password as System > >properties to the JVM running the Tomcat and that would > enable client authentication. Though I did not try this > myself, a couple of folks have pointed to me that it does work. > [...] > where can i get more information about this from? > > -- > Tanks, > Daniel mailto:[EMAIL PROTECTED] > ##################################################################### CONFIDENTIALITY NOTICE The information contained in this email is confidential and may also be privileged. It is intended to be for the exclusive use of the addressee(s) and access to it by any other person is unauthorised. If you are not the addressee please note that you must not distribute, copy, circulate or in any other way use or rely on the information contained in this email. If you have received this email in error please notify us by phone (+44 (0)20 7832 9000) and then destroy the email and any copies of it. ######################################################################
