Posted to users@tomcat.apache.org by Greg Bailey <gb...@i-link.net> on 2002/03/13 23:46:05 UTC
SSL client authentication
Is there a way to configure Tomcat to allow/disallow access to a web
application based on the common name (CN) in an SSL client certificate?
I can set "clientAuth=true" in the server.xml, which works fine, and I
know I can read the certificate once I'm "in" the web application, but
I'm looking for a way to do this before Tomcat passes the request on to
the web application.
i.e. I'm looking for something analogous to the mod_ssl directives like
"SSLRequire", "SSLVerifyDepth", etc. Any ideas? Is this type of thing
supported in Tomcat 3? 4? Neither? The SSL docs are great from a
server perspective but I couldn't find much that's client-related.
Thanks for any input!
Greg Bailey
gbailey@i-link.net
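
The CN-based allow/deny decision asked about above, as an added example that is not part of the original post and is not Tomcat's own code. The class name `CnAllowList`, the allow-list entries and the sample DNs are constructed for illustration. The subject DN is parsed per RFC 2253 instead of substring-matched, and anything ambiguous is denied.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnAllowList {
    // Hypothetical allow-list; the names are constructed for this example.
    static final Set<String> ALLOWED_CNS = Set.of("alice.example", "build-agent-01");

    // Returns the single CN of an RFC 2253 subject DN. Empty if the DN is malformed,
    // has no CN, has more than one CN, or contains a multi-valued RDN (fail closed).
    static Optional<String> commonName(String subjectDn) {
        String cn = null;
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                if (rdn.size() > 1) return Optional.empty();
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                if (cn != null || !(rdn.getValue() instanceof String)) return Optional.empty();
                cn = (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            return Optional.empty();
        }
        return Optional.ofNullable(cn);
    }

    // The CN is only meaningful once the TLS layer has validated the certificate
    // chain against a trusted CA (clientAuth=true); this check does not replace that.
    static boolean isAllowed(String subjectDn) {
        return commonName(subjectDn).map(ALLOWED_CNS::contains).orElse(false);
    }

    public static void main(String[] args) {
        // Constructed sample DNs, in the form X500Principal.getName() returns.
        List<String> samples = List.of(
            "CN=alice.example,OU=Eng,O=Example Corp,C=US",
            "CN=alice.example.attacker.test,O=Other",   // would pass a naive contains("CN=alice.example")
            "CN=mallory,OU=alice.example,O=Other",      // allowed name appears outside the CN
            "CN=alice.example,CN=mallory,O=Other",      // two CNs: ambiguous
            "not a dn");
        for (String dn : samples) {
            System.out.println((isAllowed(dn) ? "ALLOW " : "DENY  ") + dn);
        }
    }
}
```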