I'm using Tomcat 4.1.18 standalone. We need client certificates to work across all our platforms. With Microsoft its easy, with Tomcat we just can't seem to do it. We've looked at many different methods of security. Basic Authentication is OK if we use it with HTTPS, but doesn't seem to be very interoperable. Dave
-----Original Message----- From: Bill Barker [mailto:[EMAIL PROTECTED] Sent: Sat 08/03/2003 07:07 To: [EMAIL PROTECTED] Cc: Subject: Re: Can Tomcat do client certificate authentication ? The choice of going to SSL-CERT auth puts a huge burden on your IT staff. You've got to collect all of your client's certs, and manage them (including renewals, revocations, et. al.). Except for small closed-groups, it is almost always not worth the trouble. Which headaches you want really depend on your configuration. The methods are different if you are using Apache/IIS/iPlanet in front of Tomcat, or if you are using Tomcat-Stand-Alone. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] <news:[EMAIL PROTECTED] n> et... > Within our company we've decided to use client certificates for security. > I've spent all week trying to get this working on Tomcat. If the client and > server are on the same machine it's easy. But how do I do it if the client > is on a different machine ? I can get SSL working on HTTPS no problem, but > client certificates ? No way. > > If we can't find an answer we'll have to ban the use of Tomcat in our > company for any serious work. > > Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
