Ron Lin wrote:
>
> I need to pass a Client Cert through Tomcat 4.0, but the problem is that I
> want to use self-signed certificates, and if the clientAuth flag in the SSL
> Connector is set to true, it appears to require a valid CA-signed cert.

What I have done is to use openssl:
- Create a demoCA. (CA.pl)
- Prepare a certificate key and pem.
- Sign the pem using the demoCA.
- Make p12 and import it in the browser.
- Add the demoCA certificate (demoCA/cacert.pem) to $JAVA_HOME/jre/lib/security (keytool).

The other way is to get a free certificate from Thawte.

>
> Is there any way to do something similar to Apache, to just have client auth
> become OPTIONAL so that self-signed certs could be validly used?
>
> Is there something I can do in the web.xml file to configure Tomcat to
> request the client cert without imposing any restrictions?
>
> Thanks,
> Ron
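
The steps listed in the reply above, as an added example that is not part of the original message. It uses plain `openssl` commands in place of `CA.pl`, and imports the CA certificate into a separate `truststore.jks` rather than the JVM's own store under `$JAVA_HOME`. All subjects, file names, aliases and the password are constructed placeholders.

```bash
# Build a private CA, a CA-signed client certificate, a PKCS#12 bundle for the
# browser, and (if keytool is installed) a Java truststore holding the CA cert.
# Usage: make_client_cert /path/to/workdir
make_client_cert() {
  mkdir -p "$1" || return 1
  (
    cd "$1" || exit 1
    pass="changeit-example"   # placeholder password, replace in real use

    # 1. Demo CA: private key plus self-signed root certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=Example Demo CA" \
      -keyout ca.key -out cacert.pem 2>/dev/null || exit 1

    # 2. Client private key and certificate signing request
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-client" \
      -keyout client.key -out client.csr 2>/dev/null || exit 1

    # 3. Sign the request with the demo CA
    openssl x509 -req -in client.csr -CA cacert.pem -CAkey ca.key \
      -CAcreateserial -days 365 -out client.pem 2>/dev/null || exit 1

    # 4. Bundle key, certificate and CA certificate as PKCS#12 for browser import
    openssl pkcs12 -export -inkey client.key -in client.pem \
      -certfile cacert.pem -name example-client \
      -passout "pass:$pass" -out client.p12 || exit 1

    # 5. Trust the demo CA on the Java side (skipped when keytool is absent)
    if command -v keytool >/dev/null 2>&1; then
      keytool -importcert -noprompt -alias democa -file cacert.pem \
        -keystore truststore.jks -storepass "$pass" >/dev/null 2>&1 || exit 1
    fi
  )
}

# Succeeds only if the certificate in $2 chains to the CA certificate in $1,
# which is the same check the server applies to a presented client cert.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Only `cacert.pem` goes to the server side; `ca.key` stays offline, since anyone holding it can mint client certificates the server will accept.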