Posted to users@tomcat.apache.org by "Gaussmann, Horst" <Ho...@db-ig.com> on 2001/10/16 08:28:05 UTC

CLIENT_CERT and Tomcat 3.2.3

Hello!

I want to use client authentication based on a client certificate.
I've read several pieces of documentation about that - so Tomcat and SSL, JSSE ...
After that I've done the following:

Changed server.xml to get SSL support:

        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
            <Parameter name="port" value="8443"/>
            <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
            <Parameter name="keystore" value="c:\tomcat\conf\.keystore" />
            <Parameter name="keypass" value="changeit" />
            <Parameter name="clientAuth" value="true" />
        </Connector>

So I could connect to the right port.

Then I made a webapp with some protected resources.

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>protected area</web-resource-name>
         <url-pattern>/*</url-pattern>
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>

      <auth-constraint>
         <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>GIM Protected</realm-name>
    </login-config>


The problem is I always get the HTTP error code 401. I don't know what to do
to get it to work....
I've set up debugging for SSL and I wondered why Tomcat reads the
%java_home\jre\lib\security\cacerts file when clientAuth="false" and not
when this flag is "true". Also my browser didn't prompt me to select the
client cert.
I'm confused about the mechanism of client certification.

Thanks for light, Horst