tomcat-users mailing list archives

From "Vivek Iyer" <>
Subject client-auth tag in Connector config in server.xml, for SSL
Date Wed, 02 Jan 2002 16:47:46 GMT
(I write with some trepidation in light of the 'SSL' exchange this
morning :-)),

I am currently trying to set up Tomcat 3.2.4 to directly serve content
using https: I am an SSL-novice, but I believe that I've successfully
followed the Tomcat-SSL howto - I have installed jsse, rebuilt Tomcat
3.2.4, and created and installed my own certificate (just for testing)
using jsse. I see an SSL-connector running on port 8443 when Tomcat
comes up.

Here is behaviour that's been puzzling me, and my question:

The suggested SSL Connector section for server.xml stated in the
SSL-howto's web.xml snippet has a
<Parameter name="clientAuth" value="true">
tag inside it.

BUT, when I follow this advice, I find that the following (standard) URL
gives a document not found error (404? 400?). I WAS expecting it to return
the usual Tomcat welcome screen. If I _change_ the tag to have
"clientAuth" parameter set to "false", then the document is fetched OK
at the above URL, (well, the browser first complains a little
that my certificate is not issued by a valid provider, but that's
something I can solve).

I have looked through documentation I have, the discussion archives and
the source code for Tomcat, trying to understand the behavior of the
"clientAuth" parameter for a connector. So far, I'm missing what I need.
I assume it's requiring the client to authenticate somehow (and blocking
the server, in my case), but I don't know how to actually set up an
authenticating client (in the way this server wants it). Is this
information that you have to supply in the POST parameters?

Q1> Can someone point me to the right documentation specifying this type
of client authentication? (Really sorry if it's in front of my face.)

Q2> Also, can anyone tell me if the behavior I'm seeing (no documents
served unless clientAuth="false") is reasonable, or have I created a
flawed build of Tomcat?

Vivek Iyer
