tomcat-dev mailing list archives

From Stefan Wengi
Subject HTTP and client certificates
Date Tue, 16 Oct 2001 18:47:50 GMT

Some people on the user mailing list reported problems getting HTTPS with
authentication to work (setting the "clientAuth" property to "true").
It seems like the Tomcat SSL server factory ignores the CA certificates
that are stored in the keystore and only sends the Thawte and Verisign
CA info to the client. If you have certificates signed by another CA it
won't work because the browser (at least Netscape 4.7x) looks for a user
certificate signed by a CA known to the server.

We patched the SSLServerSocketFactory class to retrieve additional CA
certs via the TrustManagerFactory. The code already had some
preparations for that although it was disabled.

How can we get the fix into the Tomcat 4 code?
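
The approach described in the message, as an added example that is not part of the original post and is not the Tomcat patch itself: a stand-alone JSSE program that builds its trust managers from the keystore via TrustManagerFactory and lists the accepted issuers before opening a server socket that requires a client certificate. The class name `ClientAuthIssuers` and the keystore path and password taken from the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ClientAuthIssuers {
    // Usage (hypothetical): java ClientAuthIssuers <keystore-file> <password>
    // Assumes the keystore holds the server key entry plus the trusted CA certificates.
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);

        // Build the trust managers from the same keystore so its CA entries are used.
        // Passing null trust managers to SSLContext.init() selects the JRE defaults instead.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        // The accepted issuers are the CAs the server will trust for client certificates.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("accepted issuer: "
                            + ca.getSubjectX500Principal().getName());
                }
            }
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        try (SSLServerSocket server =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true); // require a client certificate in the handshake
            System.out.println("listening on port " + server.getLocalPort());
        }
    }
}
```

If a CA that signed the client certificates is missing from the printed list, the keystore does not contain it as a trusted certificate entry.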


