tomcat-users mailing list archives

From Paul Singleton <p...@jbgb.com>
Subject Re: Certificate Authentication for individual apps
Date Fri, 01 Jul 2005 14:32:12 GMT
Mahesh S Kudva wrote:

> How can I have different certificate authentication for different applications and skip
> certificate authentication for some applications hosted on the same server.

I believe that, at least under SSL, certificates authenticate
*servers* not applications, and that the Connector offers a
certificate before it checks, or regardless of, the context
path within that server.

So you need to deploy each app at a different (virtual) host,
each with a different IP address.  We do this currently with
5.5.9.  You can use the default keystore for all hosts, and
use the (undocumented) keyAlias="myalias" Connector attribute
to offer the appropriate certificate for each host, e.g.

		<Connector
		  address="288.104.197.211"
		  port="8443"
		  scheme="https"
		  secure="true"
		  sslProtocol="TLS"
		  keyAlias="mrk2"
		/>

(in 5.5.9 you also need sslProtocol="TLS" explicitly)

Paul Singleton
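
An added example, not part of the original message and not Tomcat code: a small Python check that a server.xml follows the layout described in the message above (one HTTPS Connector per IP address, each with its own keyAlias and an explicit sslProtocol). The sample configuration, its 192.0.2.x addresses, the alias "mrk1" and the function name audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample server.xml fragment (not from the original message);
# addresses are documentation-range placeholders, aliases are illustrative.
SAMPLE = """
<Server>
  <Service name="Catalina">
    <Connector address="192.0.2.10" port="8443" scheme="https"
               secure="true" sslProtocol="TLS" keyAlias="mrk1"/>
    <Connector address="192.0.2.11" port="8443" scheme="https"
               secure="true" sslProtocol="TLS" keyAlias="mrk2"/>
    <Connector address="192.0.2.12" port="8443" scheme="https"
               secure="true" keyAlias="mrk2"/>
    <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
    <Connector port="8080"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return (bind, problem) findings for the HTTPS connectors in server_xml."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")
             if c.get("scheme") == "https"]
    alias_use = Counter(c["keyAlias"] for c in conns if "keyAlias" in c)
    bind_use = Counter((c.get("address", "*"), c.get("port")) for c in conns)
    findings = []
    for c in conns:
        bind = (c.get("address", "*"), c.get("port"))
        where = "%s:%s" % bind
        if "address" not in c:
            findings.append((where, "no address: listens on every IP, not one host"))
        if "keyAlias" not in c:
            findings.append((where, "no keyAlias: offered certificate is not pinned to this host"))
        elif alias_use[c["keyAlias"]] > 1:
            findings.append((where, "keyAlias %r is shared with another connector" % c["keyAlias"]))
        if c.get("sslProtocol") != "TLS":
            findings.append((where, 'sslProtocol="TLS" is not set explicitly'))
        if bind_use[bind] > 1:
            findings.append((where, "address/port pair is declared more than once"))
    return findings

if __name__ == "__main__":
    for where, problem in audit_connectors(SAMPLE):
        print(where, "-", problem)
```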



