tomcat-users mailing list archives

From Julian W H Osborne
Subject Re: Client Side Certificates
Date Fri, 24 Dec 2004 09:44:54 GMT
Chris wrote:

>>> You need to pass the truststore in as a JVM argument.  Do a search 
>>> on the list for SSL.  The exact parameters should be in there.
>> Hmmm, why do you need to do this?  Surely to get client 
>> authentication you don't need to start passing extra parameters to 
>> Tomcat?
>> Have been trawling through the archives and can't find the message 
>> you mean.
> Sorry, wrong list.  It was on the Axis list.  Here's the relevant text.
> ---------------
> I pretty much used this guide (and the new chapter it links to) to do it.
> Pretty much everything you need to know is in the SSL section of the new
> chapter.  It starts on page 16 of the pdf.  You gen your keystores and
> truststores, making sure to place them on the appropriate machines.  Then
> change server.xml.  I didn't use JCEKS and all of my stuff works.  The hard
> part was installing Tomcat as a service with the truststore attribute set.
> For some reason, Tomcat doesn't let you set it in server.xml.  Then you just
> modify your client to use https and include the keystore and truststore.
> Other than a typo, the CL version worked perfectly.  I had to just play
> around with tomcat.exe to get it installed as a service, tho.
> ------------------------
> As for passing in the parameters, to do 2 way auth, both sides need a 
> truststore and a keystore.  In TC 4.x server.xml doesn't provide you 
> with a way to define a truststore, so you have to pass it in as a JVM arg.
> Chris
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
Thanks Chris,

Will have a read over the Christmas period.
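
The procedure Chris describes (a keystore and a truststore on each side, with Tomcat's truststore handed to the JVM as an argument), as an added example that is not part of the original messages. File names, aliases and the password are constructed placeholders, and it assumes Tomcat is started from catalina.sh, which reads CATALINA_OPTS, rather than installed as a Windows service.

```shell
#!/bin/sh
# Added example: file names, aliases and the password are constructed
# placeholders, not values from the thread.
PASS=changeit

# Create a key pair in its own keystore and export the public certificate.
make_identity() {  # $1 = alias, $2 = certificate CN
    keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2" -keystore "$1-keystore.jks" \
        -storepass "$PASS" -keypass "$PASS"
    keytool -exportcert -alias "$1" -file "$1.cer" \
        -keystore "$1-keystore.jks" -storepass "$PASS"
}

# Import the peer's certificate into this side's truststore.
trust_peer() {  # $1 = owner of the truststore, $2 = peer alias
    keytool -importcert -noprompt -alias "$2" -file "$2.cer" \
        -keystore "$1-truststore.jks" -storepass "$PASS"
}

# Build the JVM arguments that point the server JVM at its truststore.
# Fails early if the file is not readable, so a wrong path is caught here
# and not as a handshake failure later.
truststore_opts() {  # $1 = truststore path, $2 = truststore password
    if [ ! -r "$1" ]; then
        echo "truststore not readable: $1" >&2
        return 1
    fi
    printf '%s %s' "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=$2"
}

# Run the whole procedure only when asked to:  sh mutual-tls.sh setup
if [ "${1:-}" = "setup" ]; then
    make_identity server localhost
    make_identity client test-client
    trust_peer server client   # server trusts the client certificate
    trust_peer client server   # client trusts the server certificate
    CATALINA_OPTS=$(truststore_opts "$PWD/server-truststore.jks" "$PASS") || exit 1
    export CATALINA_OPTS       # catalina.sh passes these to the JVM
    echo "CATALINA_OPTS=$CATALINA_OPTS"
fi
```

A password passed as a `-D` argument is visible in the process listing on the server, so keep the truststore and keystore files readable only by the account that runs Tomcat.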