tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Арсений Зинченко <>
Subject Re: Using different SSL-connector settings for various Context
Date Tue, 04 Feb 2014 12:47:00 GMT
Yes, this is exactly what I'm want and I see this manual to.
But - how to specify different clientAuth= for different Context's ? I
found "SSL Authenticator
- but there is nohting about how to do it... And I don't see any
possibility to make with any other Context

2014-02-04 André Warnier <>:

> Арсений Зинченко wrote:
>> Hi.
>> Task is - have ability to use HTTP/HTTPS without clientAuth for ROOT, but
>> enable two-factor auth (clientAuth="true" and using trustedstore.jks) for
>> other Context.
>> Can somebody please any tips?
> I don't know much about SSL, but isn't the answer right here ?
> clientAuth
> Set to true if you want the SSL stack to require a valid certificate chain
> from the client before accepting a connection. Set to want if you want the
> SSL stack to request a client Certificate, but not fail if one isn't
> presented. A false value (which is the default) will not require a
> certificate chain unless the client requests a resource protected by a
> security constraint that uses CLIENT-CERT authentication.
> If I understand the above correctly, then setting clientAuth="false" in
> the Connector, and then requesting a CLIENT-CERT authentication only in
> your "other Context", should do the trick, no ?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message