4 Replies Latest reply on Jul 19, 2006 3:24 PM by Adam Warski

    CLIENT-CERT configuration

    Adam Warski Master

      Hello,
      I want to secure a servlet so that you can connect to it only if you have a certificate.
      To do it, firstly I have setup tomcat to support https as in scenarion 3 here:
      http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup
      The only difference is that in server.xml, I left clientAuth="false", as I want the rest of the pages to be accessible in a normal way.

      Later, I configured my web applicaton as it is described here:
      http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html#d0e19521

      The result I get is, when I don't have the certificate registered, it denies access, but when I have - I get an error message:
      HTTP Status 401 - Cannot authenticate with the provided credentials

      Did I miss something?

      --
      Cheers,
      Adam