Hi all, I have an unusual set-up/configuration question.
I wish to have a single instance of a web-app accessible over both http and https (with the https users authenticating with client certificates). The reason for this configuration is that the un-secure port may be handling traffic coming over (say) a VPN - which already has all of the security required. Whereas the secure port may be more open and available to the "general public". However if I add <auth-method>CLIENT-CERT</auth-method> Along with the other necessary security setup stuff in my web-app web.xml file it uses the SSLAuthenticator valve when processing both the HTTP as well as the HTTPS requests. Meaning traffic coming over the standard HTTP gets stopped with errors like "no certificate chain" Can anyone see any way to have the one web-app require client-certification when the user comes over HTTPS but allow them access when they come over HTTP? Regards, Michael Yates Software Engineer Australia (Wollongong) R&D [EMAIL PROTECTED] ESN 639-7547 Direct +61 2 42547547