On 2014-12-02 08:09, Andrew Gronosky wrote:
As I discovered yesterday, if you have a client cert that is signed by a CA that Tomcat trusts, but whose name (synonymously, CN) does not map to a recognized user, then you will connect to Tomcat but get an HTTP 401 error as your response. If the user name is recognized but lacks the required role, you get HTTP 403.
Correction: you get HTTP 401 in both cases, I misremembered. -- Andrew Gronosky Raytheon BBN Technologies 10 Moulton Street Cambridge, MA 02138 voice: 617-873-3486 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
