tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Using different SSL-connector settings for various Context
Date Tue, 04 Feb 2014 12:03:48 GMT
Арсений Зинченко wrote:
> Hi.
> 
> Task is - have ability to use HTTP/HTTPS without clientAuth for ROOT, but
> enable two-factor auth (clientAuth="true" and using trustedstore.jks) for
> other Context.
> 
> Can somebody please any tips?
> 

I don't know much about SSL, but isn't the answer right here ?

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

clientAuth	

Set to true if you want the SSL stack to require a valid certificate chain from the client

before accepting a connection. Set to want if you want the SSL stack to request a client 
Certificate, but not fail if one isn't presented. A false value (which is the default) 
will not require a certificate chain unless the client requests a resource protected by a

security constraint that uses CLIENT-CERT authentication.

If I understand the above correctly, then setting clientAuth="false" in the Connector, and

then requesting a CLIENT-CERT authentication only in your "other Context", should do the 
trick, no ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message