Арсений Зинченко wrote:
Hi.
The task is to be able to use HTTP/HTTPS without clientAuth for ROOT, but
enable two-factor auth (clientAuth="true" and using trustedstore.jks) for
the other Context.
Can somebody please give any tips?
I don't know much about SSL, but isn't the answer right here?
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
clientAuth
Set to true if you want the SSL stack to require a valid certificate chain from the client
before accepting a connection. Set to want if you want the SSL stack to request a client
Certificate, but not fail if one isn't presented. A false value (which is the default)
will not require a certificate chain unless the client requests a resource protected by a
security constraint that uses CLIENT-CERT authentication.
If I understand the above correctly, then setting clientAuth="false" in the Connector, and
then requesting a CLIENT-CERT authentication only in your "other Context", should do the
trick, no?