Re: client authorization.
On Wed, 17 Jul 2002, Anthony Geoghegan wrote:

> Date: Wed, 17 Jul 2002 11:18:33 +0100
> From: Anthony Geoghegan [EMAIL PROTECTED]
> Reply-To: Tomcat Users List [EMAIL PROTECTED]
> To: Tomcat Users List [EMAIL PROTECTED]
> Subject: client authorization.
>
> Is it possible to use client certificate authorization without a password and its associated dialog?

Tomcat 4.x can do this. See the docs for the version of Tomcat you are using:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

> Best Regards,
> Anthony Geoghegan.
> J2EE Developer
> CPS Ireland Ltd.

Craig

--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: client authorization.
They only describe how to get a certificate on the server side. I mean the server can show a certificate to the client, but it does not say how the client sends a certificate to the server.

I think we need to find this thing out.
RE: client authorization.
On Wed, 17 Jul 2002, Tathagat (London) wrote:

> Date: Wed, 17 Jul 2002 16:03:30 +0100
> From: Tathagat (London) [EMAIL PROTECTED]
> Reply-To: Tomcat Users List [EMAIL PROTECTED]
> To: 'Tomcat Users List' [EMAIL PROTECTED]
> Subject: RE: client authorization.
>
> They only describe how to get a certificate on the server side. I mean the server can show a certificate to the client, but it does not say how the client sends a certificate to the server.

You need to import a *client* certificate into your browser (following the procedures for your browser -- it has nothing to do with Tomcat). Then, when the server is set up to challenge for client certificates (which it will if you use CLIENT-CERT as the authentication mechanism, or you've set the clientAuth attribute on the HTTPS connector), the browser will pop up a dialog asking you which of your client certificates you want to send in response.

> I think we need to find this thing out.

Craig
Re: client authorization.
What if the client isn't a browser but a Microsoft ASP based HTTPXML call?

Best Regards,
Anthony Geoghegan.
J2EE Developer
CPS Ireland Ltd.
Re: client authorization.
Then it really has nothing to do with Tomcat. Your ASPs need to implement SSL (sorry, I'm not versed in ASP :)

In Java you would need to import the client certificate (if not certified by a certified CA) into the JVM and tell it to trust it explicitly.

d.

--
David Mossakowski [EMAIL PROTECTED]
Instinet Corporation
212.310.7275
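For a Java program making the call instead of a browser, here is an added example (not code from the thread or from the Tomcat project) that presents a client certificate through JSSE and verifies that one was actually sent. The key store and trust store file names, the host name and the environment variable names are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: non-browser HTTPS client that presents a client certificate.
// File names, URL and environment variable names below are hypothetical.
public class ClientCertCall {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static char[] secret(String name) {
        // Read from the environment so nothing prompts and nothing is hard-coded.
        return Objects.requireNonNull(System.getenv(name), name + " is not set").toCharArray();
    }

    public static void main(String[] args) throws Exception {
        char[] keyPass = secret("CLIENT_P12_PASS");
        // Key store: the client's own private key and certificate chain.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client.p12", keyPass), keyPass);
        // Trust store: only the CA (or self-signed certificate) of the Tomcat server.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("server-trust.p12", secret("TRUST_P12_PASS")));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection)
                URI.create("https://tomcat.example.test:8443/app/").toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        int status = conn.getResponseCode(); // performs the TLS handshake

        // getLocalCertificates() is null when no client certificate was sent,
        // i.e. the server did not request one or the key store had no match.
        Certificate[] sent = conn.getLocalCertificates();
        if (sent == null) throw new IllegalStateException("HTTP " + status + ", no client certificate sent");
        System.out.println("HTTP " + status + ", presented "
                + ((X509Certificate) sent[0]).getSubjectX500Principal());
    }
}
```

On the Tomcat side, the connector's trust store must contain the CA that issued the client certificate (or the certificate itself if it is self-signed), otherwise the handshake fails before any request is sent.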