Yes, I imported the issuer of the client certificate (the issuer can
be self-signed or signed by others) into the trust store using the Java
keytool command.

Below are the web.xml settings...

        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>
                                Protected Area
                        </web-resource-name>
                        <url-pattern>/private/*</url-pattern>
                </web-resource-collection>
                <user-data-constraint>
                        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
        </security-constraint>
        <login-config>
                <auth-method>CLIENT-CERT</auth-method>
        </login-config>

On 7 April 2010 20:50, Michael Dockery <dockeryjava...@yahoo.com> wrote:
> Thank you.
>
> So did you load the CA root cert (self-signed "top of chain") into the
> truststorefile? Via keytool?
>
> also
>
> does your web app's web.xml have the following?
>  <login-config>
>    <auth-method>CLIENT-CERT</auth-method>
>  </login-config>
> and
> <security-constraint>
> ...
>    <user-data-constraint>
>    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>    </user-data-constraint>
> </security-constraint>
>
>
>
>
> ________________________________
> From: Goo Sam Kong <skgo...@gmail.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Tue, April 6, 2010 10:21:49 PM
> Subject: Re: smartcards for tomcat webapps
>
> On 6 April 2010 20:39,  <dockeryjava...@yahoo.com> wrote:
>> Anyone using smartcards for auth?
>>
>> If so, have specific example code excerpt and server.xml?
> The minimum configuration change required for the HTTPS connector in
> server.xml is to add the attributes below and amend the value of the
> clientAuth attribute from false to true or want.
>
> 1. truststoreFile
> 2. truststorePass
> 3. truststoreType
>
>    <!-- Define a SSL HTTP/1.1 Connector on port 8443 connectionTimeout="15000" -->
>    <Connector port="8443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>               clientAuth="want/true" sslProtocol="TLS"
>               truststoreFile="xxxx" truststorePass="xxx" truststoreType="xxx" />
>
> No code change is required on the server side.
>
> Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for
> SSL configuration in server.xml.
>>
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
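
Added example, not part of the original thread or of the Tomcat project's own files: a `<security-constraint>` with no `<auth-constraint>` asks the container for confidentiality only, so whether a certificate is demanded depends entirely on the connector's clientAuth setting. The variant below adds the role check so that CLIENT-CERT is enforced for /private/*; the role name `smartcard-user`, the subject DN and the password value are constructed placeholders, and the user entry assumes Tomcat's default tomcat-users.xml realm, which looks the user up by the certificate's subject DN.

```xml
<!-- WEB-INF/web.xml (fragment): same protected area as in the thread,
     with an auth-constraint added so the container authenticates the caller -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/private/*</url-pattern>
    </web-resource-collection>
    <!-- Without this element no user identity is required for /private/* -->
    <auth-constraint>
        <role-name>smartcard-user</role-name> <!-- hypothetical role name -->
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>

<!-- Every role named in an auth-constraint is declared here -->
<security-role>
    <role-name>smartcard-user</role-name>
</security-role>

<!-- conf/tomcat-users.xml (separate file, assumed default realm):
     the username must equal the subject DN string Tomcat derives from the
     client certificate, character for character. The DN below is constructed.
     The password is not consulted for CLIENT-CERT logins; set it to a long
     random value so the entry cannot be used with password-based logins. -->
<tomcat-users>
    <role rolename="smartcard-user"/>
    <user username="CN=Jane Doe, OU=Example Unit, O=Example Org, C=US"
          password="REPLACE_WITH_LONG_RANDOM_VALUE"
          roles="smartcard-user"/>
</tomcat-users>
```

With this in place, a certificate that chains to the trust store but whose subject DN has no matching user and role is still refused for /private/*, which limits access to enrolled cards instead of every certificate the trusted issuer has signed.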