You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Greg Bailey <gb...@i-link.net> on 2002/03/13 23:46:05 UTC

SSL client authentication

Is there a way to configure Tomcat to allow/disallow access to a web 
application based on the common name (CN) in an SSL client certificate? 
  I can set "clientAuth=true" in the server.xml, which works fine, and I 
know I can read the certificate once I'm "in" the web application, but 
I'm looking for a way to do this before Tomcat passes the request on to 
the web application.

i.e. I'm looking for something analogous to the mod_ssl directives like 
"SSLRequire", "SSLVerifyDepth", etc.  Any ideas?  Is this type of thing 
supported in Tomcat 3?  4?  Neither?  The SSL docs are great from a 
server perspective but I couldn't find much that's client-related. 
Thanks for any input!

Greg Bailey
gbailey@i-link.net


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>