Hi,

Sorry for sending this again. I sent a post with a png picture attached, but I am not sure it got through.
None of the archives seem to do a good job of dealing with images [1].

So here it is again, in case my mails got munged:

I was looking for how I could set up an SSL connection in Tomcat 6.x in order to force clients to present a client certificate. But I don't want the server to do any verification of the certificates given to it. As long as the server can make sure that the client knows the private key of the certificate, I am happy.

I then want to program a servlet (or whatever the right abstraction level should be) to work with the X501 client key information and an extra header, to decide whether or not it can trust the client. The client is not a normal web browser btw, but a semantic address book written in Java.

Bruno Harbulot suggested I use the optional_no_ca option of Apache HTTPD
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
but I was hoping to be able to get the same effect without needing to use apache (as that makes setup just one step more complex).

To give you a bit of background on what I am attempting to do you can read up on the post I wrote recently
http://blogs.sun.com/bblfish/entry/rdfauth_sketch_of_a_buzzword

And I wrote about an even simpler version using https, the one I am exploring, here
http://permalink.gmane.org/gmane.comp.java.restlet/4734

Henry

[1] the best I got was with http://tinyurl.com/5my5kb
