tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Duan, Nick" <>
Subject RE: Tomcat and client certificates
Date Wed, 01 Feb 2006 15:25:31 GMT
The clientAuth attribute of the connector has to be set to true.  Then
you will need a client cert to access resources under /html/*, but not
other pages.  See the Tomcat SSL guide on how to create the client cert.


-----Original Message-----
From: Markus [] 
Sent: Wednesday, February 01, 2006 9:22 AM
To: Tomcat Users List
Subject: Re: Tomcat and client certificates

Setting clientAuth to true / false in the Connector configuration
works fine, but how do I configure client authenticaton on a
per-directory or even per-servlet basis?

This is my current configuration:

In server.xml:
    <Connector port="8443"
               maxThreads="150" minSpareThreads="25"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="\...\keystore.jks" keystorePass="wonttell"

In web.xml:

And here are the results I get:

https://domain/anypage : OK
https://domain/html/anypage : HTTP Status 403 - Access to the
requested resource has been denied

The logfile says:

01.02.2006 15:19:57 org.apache.coyote.http11.Http11Processor action
WARNING: Exception getting SSL Cert Socket Closed

What's wrong with my configuration?


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message