tomcat-users mailing list archives

From Paul Singleton <>
Subject Re: Certificate Authentication for individual apps
Date Fri, 01 Jul 2005 14:32:12 GMT
Mahesh S Kudva wrote:

> How can I have different certificate authentication for different applications and skip
> authentication for some applications hosted on the same server.

I believe that, at least under SSL, certificates authenticate
*servers* not applications, and that the Connector offers a
certificate before it checks, or regardless of, the context
path within that server.

So you need to deploy each app at a different (virtual) host,
each with a different IP address.  We do this currently with
5.5.9.  You can use the default keystore for all hosts, and
use the (undocumented) keyAlias="myalias" Connector attribute
to offer the appropriate certificate for each host, e.g.


(in 5.5.9 you also need sslProtocol="TLS" explicitly)

Paul Singleton
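
An added illustration of the layout described in the message above (it is not part of the original message, whose inline example did not survive in the archive): a `server.xml` fragment with one HTTPS Connector per IP address, each selecting its certificate from a shared keystore with `keyAlias`. The addresses, host names, aliases, appBase directories, keystore path and password are constructed placeholders.

```xml
<!-- Added example, not from the original message.
     Addresses (192.0.2.x documentation range), host names, aliases,
     appBase directories, keystore path and password are placeholders. -->
<Service name="Catalina">

  <!-- One Connector per IP address. Both read the same keystore;
       keyAlias picks which key entry is offered on that address.
       sslProtocol="TLS" is set explicitly, as the message says 5.5.9 needs. -->
  <Connector address="192.0.2.10" port="443"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/keystore.jks" keystorePass="CHANGE_ME"
             keyAlias="app1" />

  <Connector address="192.0.2.11" port="443"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/keystore.jks" keystorePass="CHANGE_ME"
             keyAlias="app2" />

  <Engine name="Catalina" defaultHost="app1.example.com">
    <!-- One virtual host per application. DNS maps each name to the
         address of the Connector that carries the matching certificate. -->
    <Host name="app1.example.com" appBase="webapps-app1" />
    <Host name="app2.example.com" appBase="webapps-app2" />
  </Engine>

</Service>
```

Both Connectors feed the same Engine, and the Host is chosen from the request's host name rather than from the Connector that accepted it, so this layout controls which certificate is offered per address but does not by itself isolate the applications from each other. `keytool -list -keystore conf/keystore.jks` shows the aliases available in the keystore.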
