tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46950] SSL renegotiation does not occur when resource with CLIENT-CERT auth is requested
Date Tue, 14 Apr 2009 23:15:33 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46950


Mark Thomas <markt@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WORKSFORME




--- Comment #3 from Mark Thomas <markt@apache.org>  2009-04-14 16:15:31 PST ---
The following configuration works for me. At a guess, you haven't configured
Tomcat to trust the issuer of your client certificate. The browser only prompts
you to select a cert if it has one that the server will trust.

Please use the users list if you need further help configuring your SSL certs.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Bug46950</web-resource-name>
      <url-pattern>/bug46381.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message