Hi all, I also got Tomcat working with client auth. last week. What I believe is not documented in the docs is how Tomcat authenticates the client certificates, i.e. the truststore used by Tomcat. AFAIK, the truststore cannot be specified in the server.xml, and Tomcat just uses the truststore of the JVM that it is started in. In my case that was the cacerts file in the %JAVA_HOME%/jre/lib/security directory, and I got it working by importing my (self-signed) client certificate into this truststore prior to starting Tomcat.
Another approach could be to define the java system property "truststore" when starting Tomcat, but I didn't try it. Maybe this info could be integrated into the How-To docs (any dev people listening?), as a lot of people seem to have difficulties with this (so did I for a long time :-)

cheers,
memo

John Hughes wrote:
> Has anyone got input on this.
>
> BTW got Tomcat working with SSL (or rather TLS!) client authentication.
> There is an extra step one needs (that's not documented in the Tomcat SSL
> How to guide). So now we have several servlets communicating with each
> other, over the SSL link, performing some OASIS SAML requests/responses.
>
> John
>
>>-----Original Message-----
>>From: John Hughes [mailto:[EMAIL PROTECTED]]
>>Sent: 19 September 2002 20:22
>>To: [EMAIL PROTECTED]
>>Subject: SSL support in 4.1.10
>>
>>I'm using 4.1.10 to perform SSL - with client authentication - using JSSE
>>1.0.3.
>>
>>The documentation describes how to configure to use TLS using the protocol=
>>keyword. What if I want to use either:
>>
>>SSLv3
>>
>>or SSLv2
>>
>>John
>>
>>--
>>To unsubscribe, e-mail:
>><mailto:[EMAIL PROTECTED]>
>>For additional commands, e-mail:
>><mailto:[EMAIL PROTECTED]>
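
The truststore lookup discussed in the reply above, as an added example that is not part of the original thread: it resolves which truststore file a JVM's default JSSE trust manager loads and checks whether a given client certificate is in it. The script name `truststore-check.sh` and both function names are hypothetical; `javax.net.ssl.trustStore` is the JSSE system property for an explicit truststore, and the code assumes a `keytool` that prints SHA256 fingerprints and the stock `changeit` store password.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a keytool that prints SHA256
# fingerprints (Java 8 or later) and the stock "changeit" store password.

# resolve_truststore JAVA_HOME [EXPLICIT]
# EXPLICIT is the value of -Djavax.net.ssl.trustStore when one is set.
# JSSE order: that property, then jssecacerts, then cacerts.
resolve_truststore() {
    java_home=$1
    explicit=${2:-}
    if [ -n "$explicit" ]; then
        printf '%s\n' "$explicit"
        return 0
    fi
    # A JDK up to 8 keeps the files under jre/lib/security, later ones under lib/security.
    for dir in "$java_home/jre/lib/security" "$java_home/lib/security"; do
        for name in jssecacerts cacerts; do
            if [ -f "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                return 0
            fi
        done
    done
    return 1
}

# cert_in_truststore STORE CERT_FILE [STOREPASS]
# Succeeds when CERT_FILE's SHA-256 fingerprint appears in the listing of STORE.
cert_in_truststore() {
    fp=$(keytool -printcert -file "$2" | sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1)
    [ -n "$fp" ] || return 2
    keytool -list -v -keystore "$1" -storepass "${3:-changeit}" | grep -qF "$fp"
}

# Usage: JAVA_HOME=... sh truststore-check.sh check CLIENT_CERT [EXPLICIT_TRUSTSTORE]
if [ "${1:-}" = "check" ]; then
    store=$(resolve_truststore "${JAVA_HOME:-}" "${3:-}") || { echo "no truststore found" >&2; exit 1; }
    echo "truststore in effect: $store"
    if cert_in_truststore "$store" "$2"; then
        echo "client certificate is present as a trust entry"
    else
        echo "client certificate is not in this truststore" >&2
        exit 1
    fi
fi
```

Every certificate in the resolved file is a trust anchor for all code running in that JVM, so a dedicated truststore passed through the property keeps a self-signed client certificate out of the shared `cacerts`.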
