I'm using Tomcat 5.5.17's HTTPS connector, with clientAuth set to "want".
(Note: I don't want Tomcat to do the authentication itself - I simply want to pass the client cert to the servlet for its own use; I'm trying to set up an *optional* client-cert-based authentication setup that can fall back to an application-specific login sequence.)
When I turn on SSL debugging on the client (-Djavax.net.debug=ssl,handshake,data,trustmanager), I see the certificate being loaded from the client's keystore (and presumably passed to the server).
However, I'm stuck trying to retrieve the client certificate from the ServletRequest in the servlet itself.
Q: How do I get to the client's X.509 certificate? Help! Thx, -- Shankar Unni. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
