I have noticed that in Tomcat 8.5.15 on the Windows Server 2008 operating
system, the way that Tomcat presents user certificates has changed. I
have a trust store that I use on Tomcat 8.5.14 that has only DoD
intermediate Email certificates, which makes it so that when users go to
the site they are prompted for only their email cert. When upgrading to
8.5.15 I used the same trust store, and it now prompts for all certificates
on the computer. I am not sure if that is intended behavior or an oversight,
but it is kind of confusing to users to be presented with certificates that
they can't use. Another reason for having them select only the email cert is
that only the email certificate contains the information that we need to get
their user ID.

I want to see if anyone else is having this issue, or if anyone has
noticed that when specifying a trust store in Tomcat 8.5.15 it will
present the user with all the certificates they have rather than only the
ones that the trust store will accept. To rule out an issue with my
server.xml, I have installed both 8.5.15 and 8.5.14 on the server and used
the exact same server.xml file, and I see that the 8.5.14 version will ask
the user for only 1 cert and that the 8.5.15 version will ask the user for
all certs. If anyone has a fix for this, might know what is going on, or
knows of an extra configuration that is needed, that would be helpful.
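
A diagnostic for the behaviour described above, as an added example that is not part of the original post: browsers generally filter the certificate prompt by the CA names the server advertises in its TLS certificate request, so comparing that list between the two installs shows whether the trust store is still being advertised. It assumes each capture is the text printed by `openssl s_client -connect <host>:<port>` against one install; the two sample captures and the CA names in them are constructed, not taken from either Tomcat version.

```python
import re

# A DN line as s_client prints it: "/C=US/O=..." (older OpenSSL) or "C = US, O = ..." (newer).
DN_LINE = re.compile(r"^/?[A-Za-z][A-Za-z0-9.]*\s*=")
HEADER = "Acceptable client certificate CA names"

# Constructed s_client excerpts (hypothetical CA names), one per case.
CAPTURE_WITH_CA_LIST = """\
---
Acceptable client certificate CA names
/C=US/O=Example Org/OU=PKI/CN=Example Email CA-1
/C=US/O=Example Org/OU=PKI/CN=Example Email CA-2
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
"""
CAPTURE_EMPTY_CA_LIST = """\
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
"""

def advertised_cas(s_client_output):
    """Return the CA distinguished names listed under the s_client header."""
    names, in_block = [], False
    for raw in s_client_output.splitlines():
        line = raw.strip()
        if line == HEADER:
            in_block = True
        elif in_block:
            if not DN_LINE.match(line):
                break  # first non-DN line ends the list
            names.append(line)
    return names

def compare_captures(first_output, second_output):
    """Diff the CA lists advertised in two captures (e.g. one per install)."""
    first = set(advertised_cas(first_output))
    second = set(advertised_cas(second_output))
    return {
        "only_in_first": sorted(first - second),
        "only_in_second": sorted(second - first),
        "second_list_empty": not second,  # empty list: client has nothing to filter on
    }

if __name__ == "__main__":
    print(compare_captures(CAPTURE_WITH_CA_LIST, CAPTURE_EMPTY_CA_LIST))
```
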