Return-Path: Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 78440 invoked from network); 15 Nov 2000 00:22:01 -0000 Received: from outthere.extricity.com (209.0.80.18) by locus.apache.org with SMTP; 15 Nov 2000 00:22:01 -0000 Received: (qmail 5413 invoked from network); 15 Nov 2000 00:21:39 -0000 Received: from nostradamus.extricity.com (209.0.80.34) by 209.0.80.18 with SMTP; 15 Nov 2000 00:21:39 -0000 Received: from area51.extricity.com (area51.extricity.com [10.11.38.22]) by nostradamus.extricity.com (8.8.7/8.8.7) with ESMTP id QAA03272 for ; Tue, 14 Nov 2000 16:20:59 -0800 Received: by area51.extricity.com with Internet Mail Service (5.5.2650.21) id ; Tue, 14 Nov 2000 16:21:42 -0800 Message-ID: <811A3DD2D243D4119DB4009027EE7AC9B8B7F4@area51.extricity.com> From: Barbara Nelson To: "'tomcat-dev@jakarta.apache.org'" Subject: Client certificates in Tomcat 3.2beta7 Date: Tue, 14 Nov 2000 16:21:42 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N I am testing Tomcat standalone with client authentication on, and getting some odd results. It works fine if client authentication is not turned on (for both IE and Netscape browsers). If I turn on client authentication, Netscape claims that I do not have a personal certificate, and IE asks me to choose from an empty list of certificates. If I go via Apache/SSL, and redirect to Tomcat, it works fine. Netscape lets me choose the certificate, IE shows the certificate in the list, and I can see the certificate in the SnoopServlet output. Any ideas on the problem with the certificate request when I use Tomcat standalone? Is there some configuration to indicate the type of certificate the server is requesting? I am using a self-signed certificate, generated via keytool, on the server. In the browser, I have a verisign personal certificate. Many thanks, Barbara Nelson.