Hi (I write with some trepidation in light of the 'SSL' exchange this morning :-)),

I am currently trying to set up Tomcat 3.2.4 to directly serve content using https: I am an SSL-novice, but I believe that I've successfully followed the Tomcat-SSL howto - I have installed jsse, rebuilt Tomcat 3.2.4, and created and installed my own certificate (just for testing) using jsse. I see an SSL-connector running on port 8443 when Tomcat comes up.

Here is behaviour that's been puzzling me, and my question:

The suggested SSL Connector section for server.xml stated in the SSL-howto's web.xml snippet has a <Parameter name="clientAuth" value="true"> tag inside it. BUT, when I follow this advice, I find that the following (standard) URL - https://localhost:8443/index.html gives document not found error (404? 400?). I WAS expecting it to return the usual Tomcat welcome screen.

If I _change_ the tag to have "clientAuth" parameter set to "false", then the document is fetched OK at the above URL, (well, the browser first complains a little at first that my certificate is not issued by a valid provider, but that's something I can solve).

I have looked through documentation I have, the discussion archives and the source code for Tomcat, trying to understand the behavior of the "clientAuth" parameter for a connector. So far, I'm missing what I need. I assume it's requiring the client to authenticate somehow (and blocking the server, in my case), but I don't know how to actually set up an authenticating client (in the way this server wants it). Is this information that you have to supply in the POST parameters?

Q1> Can someone point me to the right documentation specifying this type of client authentication? (Really sorry if it's in front of my face.)

Q2> Also, can anyone tell me if the behavior I'm seeing (no documents served unless clientAuth="false") is reasonable, or have I created a flawed build of Tomcat?

Thanks,
Vivek Iyer
