Thanks Bill,

1. My client doesn't throw an exception if the client and server's cert is identical and both are expired. If only one of them is expired, it throws an exception. I want to detect the expired situation even if both sides are expired.

2. WebLogic detects expired cert. So, it means JSSE doesn't do this but does WebLogic have its own code to detect this?

Thanks,

On 2/22/06, Bill Barker <[EMAIL PROTECTED]> wrote:
>
> "Jihwan Kim" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> >Hi,
> >I have this in my server.xml
> > <Connector port="443"
> > maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > enableLookups="false" disableUploadTimeout="true"
> > acceptCount="100" debug="0" scheme="https" secure="true"
> > clientAuth="true" sslProtocol="TLS"
> > keystoreFile="c:/j2sdk1.4.2_09/jre/lib/security/cacerts"
> >keystorePass="XXXX" />
> >
> >cacerts is a self signed certificate.
> >
> >When the certificate is expired, I would like to detect it and send a
> >proper message to a client side user.
>
> This happens deep within JSSE, before normally any of your or Tomcat's code
> gets a chance to do anything.
>
> >So, 1. how can I detect the expired cert from a Java application client.
>
> Unless you configure your own TrustManager, the client will throw an
> exception when you try to connect.
>
> > 2. Can I detect the expired cert during the Tomcat startup?
>
> Strangely, JSSE doesn't do this. Of course, there is nothing stopping your
> app from reading the cert from the KeyStore and checking yourself ;-).
>
> >
> >Thank you.
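
The check suggested in the quoted reply (read the certificates from the KeyStore and test their validity yourself), as an added example that is not part of the original thread or of Tomcat. The class name `KeystoreExpiryCheck`, the method `findInvalid` and the `KEYSTORE_PASS` environment variable are assumptions made for illustration; it is written for a current JDK and a JKS keystore such as the `cacerts` file named in the Connector.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class KeystoreExpiryCheck {
    // Returns one line per X.509 certificate in the keystore that is not valid at 'at'.
    static List<String> findInvalid(KeyStore ks, Date at) throws Exception {
        List<String> problems = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            // Key entries carry a chain; trusted-certificate entries carry a single cert.
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) {
                Certificate c = ks.getCertificate(alias);
                chain = (c == null) ? new Certificate[0] : new Certificate[] { c };
            }
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                String who = alias + " (" + x.getSubjectX500Principal().getName() + ")";
                try {
                    x.checkValidity(at); // throws if 'at' is outside notBefore..notAfter
                } catch (CertificateExpiredException e) {
                    problems.add(who + " expired on " + x.getNotAfter());
                } catch (CertificateNotYetValidException e) {
                    problems.add(who + " not valid before " + x.getNotBefore());
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // assumed variable name
        if (args.length != 1 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... java KeystoreExpiryCheck <keystore>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        List<String> problems = findInvalid(ks, new Date());
        for (String p : problems) System.err.println("INVALID: " + p);
        System.exit(problems.isEmpty() ? 0 : 1); // non-zero exit lets a startup script fail early
    }
}
```

A client can run the same `checkValidity` call over the certificates returned by `SSLSession.getPeerCertificates()` once the handshake has completed.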