Yes, I imported the issuer of client certificate, (the issuer can
self-signed or signed by others) into the trust store using Java
keytool command.
Below is the web.xml settings...
<security-constraint>
<web-resource-collection>
<web-resource-name>
Protected Area
</web-resource-name>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
On 7 April 2010 20:50, Michael Dockery <dockeryjava...@yahoo.com> wrote:
> Thank you.
>
> So did you load the ca root cert (self-signed "top of chain") into the
> truststorefile? via keytool?
>
> also
>
> does your web app's web.xml have the following?
> <login-config>
> <auth-method>CLIENT-CERT</auth-method>
> </login-config>
> and
> <security-constraint>
> ...
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
>
>
>
> ________________________________
> From: Goo Sam Kong <skgo...@gmail.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Tue, April 6, 2010 10:21:49 PM
> Subject: Re: smartcards for tomcat webapps
>
> On 6 April 2010 20:39, <dockeryjava...@yahoo.com> wrote:
>> Anyone using smartcards for auth?
>>
>> If so, have specific example code excerpt and server.xml?
> Minimum configuration changes required for HTTPS connector in
> server.xml is to add attributes below and amend value of clientAuth
> attribute from false to true or want.
>
> 1. truststoreFile
> 2. truststorePass
> 3. truststoreType
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> connectionTimeout="15000" -->
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="want/true" sslProtocol="TLS"
> truststoreFile="xxxx" truststorePass="xxx" truststoreType="xxx" />
>
> No code change required in server side.
>
> Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for
> SSL configuration in server.xml.
>>
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
