Thank you.
So did you load the ca root cert (self-signed "top of chain") into the
truststorefile? via keytool?
also
does your web app's web.xml have the following?
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
and
<security-constraint>
...
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
________________________________
From: Goo Sam Kong <skgo...@gmail.com>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Tue, April 6, 2010 10:21:49 PM
Subject: Re: smartcards for tomcat webapps
On 6 April 2010 20:39, <dockeryjava...@yahoo.com> wrote:
> Anyone using smartcards for auth?
>
> If so, have specific example code excerpt and server.xml?
Minimum configuration changes required for HTTPS connector in
server.xml is to add attributes below and amend value of clientAuth
attribute from false to true or want.
1. truststoreFile
2. truststorePass
3. truststoreType
<!-- Define a SSL HTTP/1.1 Connector on port 8443
connectionTimeout="15000" -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="want/true" sslProtocol="TLS"
truststoreFile="xxxx" truststorePass="xxx" truststoreType="xxx" />
No code change required in server side.
Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for
SSL configuration in server.xml.
>
>
> Sent from my Verizon Wireless BlackBerry
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
