I do not want to get into storing client certs in the cacerts file. I am using Tomcat in a PKI environment. If there are thousands of users accessing Tomcat, this would mean that I would need to import 1000s of certs into this file.
Thanks...
Janne Ruuttunen wrote:
Hi Mark,
You need to use a Coyote HTTP/1.1 connector, configured to use an org.apache.coyote.tomcat4.CoyoteServerSocketFactory with the clientAuth property set to true. See the Coyote part in the config reference. I agree that more should be said about this in the SSL howto.
Note that Java validates the client certs against the CA keystore in $JAVA_HOME/jre/lib/security/cacerts.
Hope this helps, Janne
----- Original Message -----
From: "Mark W. Webb" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 28, 2003 11:04 PM
Subject: mutual SSL authentication

How can I set up SSL on Tomcat 4.1 that will allow the server and client to authenticate each other? From what I can tell, it looks like the SSL-HOWTO only addresses server authentication. I have this set up on Apache; would I be better off just running Tomcat on top of Apache?
thanks...
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
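Added example, not part of the thread: a Tomcat 4.1 `conf/server.xml` sketch of the Coyote connector Janne describes, with the one-time CA import shown as a comment. The port, keystore path, password, CA alias and CA file name are placeholder assumptions.

```xml
<!-- Added example for conf/server.xml on Tomcat 4.1; port, paths, password
     and alias are placeholders, not values from the thread. -->
<!-- Trust setup, done once per issuing CA (not once per user):
       keytool -import -trustcacerts -alias example-ca -file example-ca.crt
               -keystore $JAVA_HOME/jre/lib/security/cacerts
     A client certificate passes the handshake when its chain ends at a CA
     certificate in that store; the user's own certificate is not imported. -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="100" debug="0"
           scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <!-- clientAuth="true": the TLS handshake fails unless the client presents
       a certificate that validates against the trusted CAs. -->
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="true" protocol="TLS"
           keystoreFile="/path/to/server.keystore" keystorePass="changeit" />
</Connector>
```

The stock cacerts file also contains public CA roots, so any certificate chaining to one of those would pass the handshake as well; in a private PKI the trust store should hold only the CAs that issue your users' certificates. The handshake only authenticates the client, so authorization of the certificate subject still has to be enforced by the application or realm.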