Hi, Thanks! Could you give me some more detail information? Such as sample config file, code or links.
Jimmy ZHAN -----Original Message----- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker Sent: Friday, February 16, 2007 7:59 PM To: users@tomcat.apache.org Subject: Re: HOW TO turn on client Certificate with pop "choose a digital certificate" window I can see two ways to do this: 1) Tomcat-Specific: Use clientAuth="want" on the Connector, and configure the webapp to use BASIC auth in web.xml. You then add a Valve that looks for the cert, and authenticates the user based on the cert if possible. 2) Similar in that you still have clientAuth="want", but you have a Filter in your webapp that looks for the cert, and if it doesn't find it it returns a proper 401 response asking for Basic auth. While this is portable across containers, it has the downside that it doesn't allow you to use container-managed security (e.g. <security-constraint>). "Zhan, Jimmy" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi, I have set up HTTPS for tomcat without client certificate, and it is running good. Now I want to turn on the client certificate. How can to config the tomcat, let pop a "Choose a digital certificate" window, allow clients pick Choose a digital certificate, If failed , pop a new window to allow user input "User Name" and "Password". In file servrer.xml , if change clientAuth="true", then when client is not in the "truststoreFile", "The page cannot be display" comes out. If change clientAuth="want", then, tomcat ignores the result of checking client certificate. Thanks in advance!! Jimmy ZHAN Cash America International --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]