Hi,

Sorry if that didn't help. 

Here's what I have in server.xml (I don't remember if I had to change
anything outside of server.xml to enable client authentication):

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443"
               className="org.apache.coyote.tomcat5.CoyoteConnector"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="e:\tomcat\jakart~1.27\ssl\servercertificate.keystore"
               keystoreType="PKCS12"
               truststoreFile="C:\Documents and Settings\Administrator\.keystore"
               truststorePass="XXXXXXX"
               truststoreType="JKS"
               />

Jim

P.S.  When I was doing this (which was a while ago), I didn't find any
way to get Tomcat to check for client cert revocations (i.e., CRL
checking).  I don't know if that has changed at all since then.


lercoli wrote:
> 
> Hi Jim
> 
> I've tried with clientAuth = true but server certificate window doesn't
> appear and I get page not found error.
> 
> ----- Original Message -----
> From: "ohaya" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[email protected]>
> Sent: Wednesday, April 27, 2005 12:49 PM
> Subject: Re: Tomcat SSL Client Authentication
> 
> > Hi,
> >
> > I believe that the "clientAuth" needs to be set to "true" in the
> > server.xml.
> >
> > Jim
> >
> >
> >
> > lercoli wrote:
> > >
> > > Hello
> > >
> > > I've configured Tomcat SSL Client Authentication with these settings :
> > >
> > > web.xml
> > >
> > > .......
> > > <security-constraint>
> > >   <web-resource-collection>
> > >     <web-resource-name>Entire Application</web-resource-name>
> > >     <url-pattern>/*</url-pattern>
> > >     <http-method>GET</http-method>
> > >     <http-method>POST</http-method>
> > >   </web-resource-collection>
> > >   <user-data-constraint>
> > >     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > >   </user-data-constraint>
> > > </security-constraint>
> > >
> > > <login-config>
> > >   <auth-method>CLIENT-CERT</auth-method>
> > > </login-config>
> > >
> > > .........
> > >
> > > server.xml
> > >
> > > .........
> > >
> > > <Connector port="8443" maxHttpHeaderSize="8192"
> > >            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > >            enableLookups="false" disableUploadTimeout="true"
> > >            acceptCount="100" scheme="https" secure="true"
> > >            clientAuth="false" sslProtocol="TLS"
> > >            keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks" keystorePass="changeit"
> > >            truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks" />
> > >
> > > .......
> > >
> > > Client certificate (client.cer) is installed in my IE Browser (version 6.0.28).
> > >
> > > When I invoke https://localhost:8443/myweapp appears a window that asks me to accept the server certificate.
> > >
> > > I accept and my webapp index page appears.
> > >
> > > So why I don't see a window for client authentication ?
> > >
> > > And why I've the same behaviour also when I remove the client.cer from my Browser ?
> > >
> > > It seems that client-certification doesn't work.
> > >
> > > Any help would be greatly appreciated.
> > >
> > > Thank You
> > >
> > > Luca Ercoli
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]

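An added example, not part of the thread and not Tomcat code: a small Python audit run over constructed server.xml and web.xml samples modelled on the settings quoted above, reporting the reasons no client certificate is demanded. The helper names `named` and `audit` and both sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the settings quoted in the thread.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             clientAuth="false" keystoreFile="keystore.jks"/>
</Service></Server>"""
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""


def named(root, name):
    """All descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit(server_xml, web_xml):
    """Return findings that explain why no client certificate is demanded."""
    findings = []
    for conn in named(ET.fromstring(server_xml), "Connector"):
        mode = conn.get("clientAuth", "false").lower()
        if conn.get("secure") == "true" and mode != "true":
            findings.append(f"connector {conn.get('port')}: clientAuth={mode}, "
                            "TLS handshake completes without a client certificate")
    web = ET.fromstring(web_xml)
    methods = {(e.text or "").strip() for e in named(web, "auth-method")}
    if "CLIENT-CERT" in methods:
        for i, sc in enumerate(named(web, "security-constraint"), 1):
            if not named(sc, "auth-constraint"):
                findings.append(f"security-constraint {i}: no auth-constraint, "
                                "so CLIENT-CERT login is never triggered")
            if named(sc, "http-method"):
                findings.append(f"security-constraint {i}: http-method listed, "
                                "other HTTP methods are not covered")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, WEB_XML)))
```

A constraint that carries only `user-data-constraint` forces HTTPS but never asks the container to authenticate anyone, so the `CLIENT-CERT` login method goes unused unless the connector itself demands a certificate.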