tomcat-users mailing list archives

From David Delbecq
Subject Re: Tomcat and client certificates
Date Wed, 01 Feb 2006 18:44:49 GMT
Yes, it is possible. From connector configuration doc:
  Set this value to true if you want Tomcat to require all SSL clients to 
present a client Certificate in order to use this socket.
  Set this value to want if you want Tomcat to request a client Certificate, 
but not fail if one isn't presented.

So in your configuration, change clientAuth="false" to clientAuth="want" and the
connector will accept the connection whether there is a certificate or not. But don't 
means access to /html/* will be refused to users not presenting a certificate. 
(They can still access other webapps in tomcat if those have a login-config 
not based on certificate and they can also browse in ssl the non restricted 
area of client-cert based webapp)
For sensitive areas, you might also be interested in adding, in particular 
for basic authentication based webapps

On Wednesday 01 February 2006 17:55, Markus wrote:
>Creating client certs is no problem, I already had client
>authentication working on the Connector-Level.
>In other words: it is NOT possible in tomcat to have a webapp with
>BOTH, a private part with ssl AND client authentication and a public
>part with ssl but WITHOUT client authentication?
>That would be sad.


David Delbecq
Royal Meteorological Institute of Belgium
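
The setup discussed in this thread, as an added example that is not part of the original message or of the Tomcat documentation: a connector with clientAuth="want" plus a webapp that demands a certificate only for /html/*. The port, keystore paths, passwords and the role name certuser are placeholders assumed for illustration; only clientAuth="want" and the /html/* path come from the message.

```xml
<!-- conf/server.xml (fragment, constructed example).
     The connector asks for a client certificate during the TLS handshake
     but does not reject clients that present none (clientAuth="want").
     Only CAs listed in the truststore are accepted as issuers. -->
<Connector port="8443" scheme="https" secure="true"
           sslProtocol="TLS"
           clientAuth="want"
           keystoreFile="/path/to/server.keystore"
           keystorePass="CHANGE_ME"
           truststoreFile="/path/to/trusted-client-cas.keystore"
           truststorePass="CHANGE_ME" />

<!-- WEB-INF/web.xml (fragment, constructed example) of the webapp that
     has both a public and a private part. Everything outside /html/* has
     no constraint and stays reachable over SSL without a certificate. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Private area</web-resource-name>
    <url-pattern>/html/*</url-pattern>
  </web-resource-collection>
  <!-- Only authenticated users holding this (hypothetical) role get in. -->
  <auth-constraint>
    <role-name>certuser</role-name>
  </auth-constraint>
  <!-- Refuse plain HTTP for the private area. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Authentication for the constrained area is done with the client
     certificate rather than with a password prompt. -->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>certuser</role-name>
</security-role>
```

The realm configured for the webapp still has to contain a user matching the certificate's subject and holding the certuser role; a certificate that validates against the truststore but maps to no user is refused on /html/*.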
