-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael,
On 4/12/2010 4:55 PM, Michael Dockery wrote: > because tomcat has the root for the client cert loaded into its truststore, > and the matching client cert "subject" name (ie: user) loaded in its auth > realm > the client is therefore authenticated Right: Tomcat can authenticate the client certificate because it has the required trust roots. The OP as asking about the opposite: the client is complaining that the server's cert is untrusted (or, rather, that the cert chain doesn't lead to a known, trusted root). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvEc90ACgkQ9CaO5/Lv0PDmCgCdE1pCXpY8yoVMmogSFPBXvvXQ WwYAnRITkLQcCnYHkp31UpUzY5FYVCQm =wp2q -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org