Thank you. So did you load the CA root cert (self-signed "top of chain") into the truststoreFile via keytool?
Also, does your web app's web.xml have the following?

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

and

    <security-constraint>
        ...
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

________________________________
From: Goo Sam Kong <skgo...@gmail.com>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Tue, April 6, 2010 10:21:49 PM
Subject: Re: smartcards for tomcat webapps

On 6 April 2010 20:39, <dockeryjava...@yahoo.com> wrote:
> Anyone using smartcards for auth?
>
> If so, have specific example code excerpt and server.xml?

The minimum configuration change required for the HTTPS connector in server.xml is to add the attributes below and amend the value of the clientAuth attribute from false to true or want.

1. truststoreFile
2. truststorePass
3. truststoreType

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 connectionTimeout="15000" -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="want/true" sslProtocol="TLS"
               truststoreFile="xxxx" truststorePass="xxx" truststoreType="xxx" />

No code change is required on the server side.

Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for SSL configuration in server.xml.
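Added example, not part of the thread or of Tomcat's own documentation: a servlet that reads the client (smartcard) certificate the container exposes once the connector requests client authentication. The class name SmartcardWhoAmIServlet is hypothetical; the request attribute name is the standard Servlet API one, and the null check matters with clientAuth="want", where the TLS handshake completes even if no certificate is presented.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet name; map it in web.xml under a CONFIDENTIAL constraint.
public class SmartcardWhoAmIServlet extends HttpServlet {

    // Standard Servlet API attribute that carries the client's certificate chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Refuse to answer over plain HTTP; the attribute is only set on TLS requests.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }

        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);

        // clientAuth="want": no certificate is a normal outcome, so treat it
        // as unauthenticated rather than assuming the chain is present.
        if (chain == null || chain.length == 0) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                    "Client certificate required");
            return;
        }

        X509Certificate leaf = chain[0]; // end-entity certificate is first
        try {
            leaf.checkValidity(); // throws if expired or not yet valid right now
        } catch (CertificateException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate outside its validity period");
            return;
        }

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("Subject: " + leaf.getSubjectX500Principal().getName());
        out.println("Issuer:  " + leaf.getIssuerX500Principal().getName());
        out.println("Serial:  " + leaf.getSerialNumber().toString(16));
    }
}
```

With clientAuth="true" the connector rejects the handshake when no certificate is sent, so the 401 branch is only reached under "want".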