Posted to users@tomcat.apache.org by "Sweeney, Bill" <bs...@CHARTONE.COM> on 2005/03/23 22:21:11 UTC

clientAuth=true; non-SSL?

 
Hello folks - 

I am working with Tomcat 5.0.28; j2sdk 1_4_2_07

The question is this:  Do I need an SSL connection in order to get
Tomcat to force the presentation of a client side certificate?  In other
words, I only want to force authentication, not wrap the connection in
SSL.

Here is the connector config:

 <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" redirectPort="8443" scheme="http"
            secure="true" clientAuth="true" acceptCount="100" keystoreType="JKS"
            keystoreFile="C:\j2sdk1.4.2_07\bin\client.keystore"
            keystorePass="changeit" debug="0" connectionTimeout="20000"
            disableUploadTimeout="true" />

The result is that I am not able to access the page at port 8080, but I
am not getting the normal certificate request either.

Any help welcome and appreciated!

- wjs

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: clientAuth=true; non-SSL?

Posted by QM <qm...@brandxdev.net>.
On Wed, Mar 23, 2005 at 01:21:11PM -0800, Sweeney, Bill wrote:
: The question is this:  Do I need an SSL connection in order to get
: Tomcat to force the presentation of a client side certificate?  In other
: words, I only want to force authentication, not wrap the connection in
: SSL.

If you want to force authentication using certs (which is what
clientAuth is all about) then I don't see a way around SSL.  The cert
exchange takes place during the SSL handshake.

If you want to just protect access to certain areas of the webapp, check
the Tomcat docs for "realms" and skim the servlet spec for "FORM
authentication."

-QM

-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/
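
An added example, not part of the original thread and not the Tomcat project's own configuration: a connector pair for Tomcat 5.0 that matches the reply above, with clientAuth moved onto an SSL connector because the certificate exchange happens in the SSL handshake. Port 8443 follows the redirectPort in the original post; the keystore path and password are placeholders, and sslProtocol="TLS" and the trust-store note are assumptions about the deployment.

```xml
<!-- Plain HTTP connector. No SSL handshake takes place on this port, so a
     client certificate can never be requested here. The secure, clientAuth
     and keystore attributes are left off; redirectPort sends requests whose
     security-constraint requires SSL transport to the connector below. -->
<Connector port="8080"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           debug="0" connectionTimeout="20000"
           disableUploadTimeout="true" />

<!-- SSL connector. clientAuth="true" makes the server require a valid
     client certificate chain during the handshake, before any HTTP
     request is read; a client that presents none is refused. -->
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" acceptCount="100"
           debug="0" disableUploadTimeout="true"
           scheme="https" secure="true"
           sslProtocol="TLS" clientAuth="true"
           keystoreType="JKS"
           keystoreFile="/path/to/server.keystore"
           keystorePass="REPLACE_ME" />

<!-- keystoreFile (placeholder path) holds the server's own private key and
     certificate, not the client's. The CA that issued the client
     certificates must be trusted by the JVM running Tomcat, for example
     through the JSSE system property javax.net.ssl.trustStore (assumed
     setup, not shown in the thread). -->
```

Setting secure="true" on a scheme="http" connector, as in the original post, only changes what request.isSecure() reports to the webapp; it does not add encryption or a certificate exchange.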
