tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mahesh S Kudva" <mahesh.ku...@robosoftin.com>
Subject Re: Certificate Authentication for individual apps
Date Sat, 02 Jul 2005 03:58:03 GMT
Hi All

Thanks for the note. May be I was not clear in my earlier mail.


I have client authentication using certificates. I want to skip client 
auth for certain hosted applications on the server but preserve client 
auth for other apps.

Regards & Thanks
================
Mahesh S Kudva


-----Original Message-----
From: Paul Singleton <paul@jbgb.com>
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Date: Fri, 01 Jul 2005 15:32:12 +0100
Subject: Re: Certificate Authentication for individual apps

> Mahesh S Kudva wrote:
> 
> > How can I have different certificate authentication for different
> applications and skip certificate 
> > authentication for some applications hosted on the same server.
> 
> I believe that, at least under SSL, certificates authenticate
> *servers* not applications, and that the Connector offers a
> certificate before it checks, or regardless of, the context
> path within that server.
> 
> So you need to deploy each app at a different (virtual) host,
> each with a different IP address.  We do this currently with
> 5.5.9.  You can use the default keystore for all hosts, and
> use the (undocumented) keyAlias="myalias" Connector attribute
> to offer the appropriate certificate for each host, e.g.
> 
> 		<Connector
> 		  address="288.104.197.211"
> 		  port="8443"
> 		  scheme="https"
> 		  secure="true"
> 		  sslProtocol="TLS"
> 		  keyAlias="mrk2"
> 		/>
> 
> (in 5.5.9 you also need sslProtocol="TLS" explicitly)
> 
> Paul Singleton
> 
> 
> -- 
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.8/35 - Release Date:
> 30/Jun/2005
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



-------------------------------------------------------
Robosoft Technologies - Partners in Product Development



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message