Yes, I imported the issuer of the client certificate (the issuer can be self-signed or signed by others) into the trust store using the Java keytool command.
Below are the web.xml settings...

<security-constraint>
  <web-resource-collection>
    <web-resource-name> Protected Area </web-resource-name>
    <url-pattern>/private/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

On 7 April 2010 20:50, Michael Dockery <dockeryjava...@yahoo.com> wrote:
> Thank you.
>
> So did you load the ca root cert (self-signed "top of chain") into the
> truststorefile? via keytool?
>
> also
>
> does your web app's web.xml have the following?
> <login-config>
>   <auth-method>CLIENT-CERT</auth-method>
> </login-config>
> and
> <security-constraint>
> ...
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> ________________________________
> From: Goo Sam Kong <skgo...@gmail.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Tue, April 6, 2010 10:21:49 PM
> Subject: Re: smartcards for tomcat webapps
>
> On 6 April 2010 20:39, <dockeryjava...@yahoo.com> wrote:
>> Anyone using smartcards for auth?
>>
>> If so, have specific example code excerpt and server.xml?
> Minimum configuration changes required for HTTPS connector in
> server.xml is to add attributes below and amend value of clientAuth
> attribute from false to true or want.
>
> 1. truststoreFile
> 2. truststorePass
> 3. truststoreType
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> connectionTimeout="15000" -->
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="want/true" sslProtocol="TLS"
>            truststoreFile="xxxx" truststorePass="xxx" truststoreType="xxx" />
>
> No code change required in server side.
>
> Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for
> SSL configuration in server.xml.
>>
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
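
Added example, not part of the original thread or of the posters' configuration: a web.xml fragment in which the CLIENT-CERT login is actually triggered for /private/*, together with a matching realm entry. The role name `cardholder`, the subject DN and the use of conf/tomcat-users.xml as the realm are assumptions made for illustration.

```xml
<!-- WEB-INF/web.xml (fragment) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/private/*</url-pattern>
  </web-resource-collection>
  <!-- The auth-constraint is what makes the container run the CLIENT-CERT
       authenticator for these URLs. With only a user-data-constraint the
       container enforces HTTPS but does not authenticate the caller, so a
       connector set to clientAuth="want" would let a request without a
       certificate reach /private/*. -->
  <auth-constraint>
    <role-name>cardholder</role-name> <!-- assumed role name -->
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>cardholder</role-name>
</security-role>

<!-- conf/tomcat-users.xml (fragment), assuming the file-based realm:
     the username is the certificate's subject DN and must match the
     string the JVM reports for it exactly. Constructed sample DN; the
     password value is a placeholder and is not used for certificate login. -->
<user username="CN=Example User, OU=Cards, O=Example Org, C=US"
      password="null" roles="cardholder"/>
```

Trusting the issuer in the truststore only decides whether the TLS handshake accepts a card; the realm entry and role decide which certificate holders may reach the protected URLs.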