tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Yates" <yate...@nortelnetworks.com>
Subject CLIENT-CERT over secure and non-secure connectors
Date Tue, 17 Dec 2002 09:38:38 GMT
Hi all,

I have an unusual set-up/configuration question.

I wish to have a single instance of a web-app accessible over both http and
https (with the https users authenticating with client certificates). The
reason for this configuration is that the un-secure port may be handling
traffic coming over (say) a VPN - which already has all of the security
required. Whereas the secure port may be more open and available to the
"general public".

However if I add
<auth-method>CLIENT-CERT</auth-method>
Along with the other necessary security setup stuff in my web-app web.xml
file it uses the SSLAuthenticator valve when processing both the HTTP as
well as the HTTPS requests. Meaning traffic coming over the standard HTTP
gets stopped with errors like "no certificate chain"

Can anyone see any way to have the one web-app require client-certification
when the user comes over HTTPS but allow them access when they come over
HTTP?

Regards,
Michael Yates
Software Engineer
Australia (Wollongong) R&D
yatesmi@nortelnetworks.com
ESN 639-7547 Direct +61 2 42547547

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message