Thanks Jim, you nailed it. This was the missing link.
Rick

-----Original Message-----
From: James Rome [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 27, 2005 4:14 PM
To: Steinberger, Richard
Subject: Two-way SSL

The client browser only presents certificates signed by a CA that the server trusts. Thus, make sure that your jre/lib/security/cacerts file has your CA certificate in it. Or whatever certificates you decide to trust.

I note that so far as I can tell, the usual Tomcat certificate realms do NOT check for certificate revocation. You will have to do this yourself in a servlet filter. I tried this in a custom Realm, but could not get OCSP to work using the same code I used in the filter.

Jim
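A revocation check in a servlet filter, as suggested in the quoted message, could look like the following. This is an added example, not code from the thread: it assumes Java 8+ (`PKIXRevocationChecker`), the Servlet 4.0 `javax.servlet` API, and a made-up class name `RevocationFilter` with hypothetical init-params `trustStorePath` and `trustStorePassword`.

```java
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
public class RevocationFilter implements Filter {
    private KeyStore trustStore;
    @Override public void init(FilterConfig cfg) throws ServletException {
        // Hypothetical init-params: trust store path (e.g. the cacerts file) and password.
        String path = cfg.getInitParameter("trustStorePath");
        String pass = cfg.getInitParameter("trustStorePassword");
        try (InputStream in = new FileInputStream(path)) {
            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(in, pass == null ? null : pass.toCharArray());
        } catch (IOException | GeneralSecurityException e) {
            throw new ServletException("cannot load trust store", e);
        }
    }

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain next)
            throws IOException, ServletException {
        // Client chain as exposed by the container (jakarta.* prefix on newer Tomcat versions).
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0 || !isAcceptable(chain)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        next.doFilter(req, res);
    }

    private boolean isAcceptable(X509Certificate[] chain) {
        try {
            List<X509Certificate> certs = new ArrayList<>(Arrays.asList(chain));
            X509Certificate last = certs.get(certs.size() - 1);
            // A trust anchor must not be in the validated path: drop a self-issued root if sent.
            if (certs.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal()))
                certs.remove(certs.size() - 1);
            CertPathValidator v = CertPathValidator.getInstance("PKIX");
            PKIXRevocationChecker rc = (PKIXRevocationChecker) v.getRevocationChecker();
            // OCSP first, CRL fallback; without SOFT_FAIL an unreachable responder means reject.
            rc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
            PKIXParameters params = new PKIXParameters(trustStore);
            params.addCertPathChecker(rc);
            v.validate(CertificateFactory.getInstance("X.509").generateCertPath(certs), params);
            return true;
        } catch (GeneralSecurityException e) { return false; }
    }
}
```

The filter fails closed: a missing certificate, an untrusted chain, a revoked certificate, or an unreachable OCSP/CRL endpoint all produce a 403.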