Tomcat client certificate authentication for SSL

S

Sam

Hello,

I am running a web service as a filter inside tomcat. I need to
configure it to perform mutual (both server and client) authentication,
with SSL. (My app is the server). Looking at
http://tomcat.apache.org/tomcat-4.0-doc/ssl-howto.html tells me how to
configure the server cert. But how can I make tomcat authenticate the
client cert before passing it to my app? Is this doable?
From the docs, setting the clientAuth=true seems to configure tomcat to
force a client cert request. But does tomcat actually authenticate the
cert? (I am assuming my client certs can be issued by Verisign). Is
there some documentation somewhere on how to get this done?

Thanks,
Sam
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top