tomcat-users mailing list archives

From Mark Thomas <>
Subject Re: Question related to mutual authentication
Date Thu, 09 Nov 2017 10:02:14 GMT
On 8 November 2017 21:09:11 GMT+00:00, Nicolas Therrien <>


>My understanding is that when "certificateVerification" is set to
>"required", the server would perform the same verification as the
>client does, that is:
>1) Verify the incoming certificate is signed by an authority that is
>part of the local truststore.


>2) Verify that the incoming certificate's common name matches the
>hostname of the peer we are communicating with.


The client cert is intended to prove the identity of the user, not the host they happen to
be using.


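For reference, a Connector using the "certificateVerification" setting discussed in this thread could look like the fragment below. This is an added example, not part of the original message or taken from the poster's configuration; the port, file paths and passwords are placeholder assumptions.

```xml
<!-- Added example: conf/server.xml fragment. Port, paths and passwords are placeholders. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <!-- certificateVerification="required": the handshake fails unless the
       client presents a certificate that chains to a CA in the truststore
       (check 1 in the question). The certificate subject identifies the
       user; per the reply above, it is not matched against the host the
       client connects from (check 2 in the question). -->
  <SSLHostConfig certificateVerification="required"
                 truststoreFile="conf/client-ca.p12"
                 truststoreType="PKCS12"
                 truststorePassword="CHANGE_ME">
    <!-- The server's own key and certificate, presented to clients. -->
    <Certificate certificateKeystoreFile="conf/server.p12"
                 certificateKeystoreType="PKCS12"
                 certificateKeystorePassword="CHANGE_ME"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```

Keep the truststore limited to the CAs that issue user certificates, since any certificate chaining to one of them passes this check.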