tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Using different SSL-connector settings for various Context
Date Tue, 04 Feb 2014 12:03:48 GMT
Арсений Зинченко wrote:
> Hi.
> Task is - have ability to use HTTP/HTTPS without clientAuth for ROOT, but
> enable two-factor auth (clientAuth="true" and using trustedstore.jks) for
> other Context.
> Can somebody please any tips?

I don't know much about SSL, but isn't the answer right here ?


Set to true if you want the SSL stack to require a valid certificate chain from the client

before accepting a connection. Set to want if you want the SSL stack to request a client 
Certificate, but not fail if one isn't presented. A false value (which is the default) 
will not require a certificate chain unless the client requests a resource protected by a

security constraint that uses CLIENT-CERT authentication.

If I understand the above correctly, then setting clientAuth="false" in the Connector, and

then requesting a CLIENT-CERT authentication only in your "other Context", should do the 
trick, no ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message