Nagesh Hello

Reputation: 27

client/certificate authentication by server in tomcat

Can anyone tell me what client/certificate authentication by the server is in Tomcat? In our application we are getting the certificate as part of a request parameter and validating the certificate. Does that mean we are doing client/certificate authentication? I guess we are doing certificate validation in application code, which means it's application level and we are not doing any client/certificate authentication at the server level. Can anyone please confirm this?

Upvotes: 1

Views: 2398

Answers (1)

Ramesh PVK

Reputation: 15446

> what is client/certificate authentication by server in tomcat

It is two-way SSL authentication. When SSL is enabled on the server, the server cert should be in the client's trusted certs store.

Similarly, when client/certificate authentication is enabled, the client SSL cert should be in the server's trusted cert store.

> we are getting certificate as part of request parameter and doing validation of certificate, does that mean we are doing client/certificate authentication?

No. That is application validation. But who is setting it in the request parameter?

NOTE: This client cert authentication is done by the container. But the container provides the SSL properties using request parameters.

Look here to know what properties are set by the server when the connection is secure.

Upvotes: 2
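An added example (not part of the original question or answer) of application code relying on container-level client certificate authentication instead of a certificate passed in a request parameter. It assumes Tomcat 10+ (the `jakarta.*` namespace; older versions use `javax.servlet.request.X509Certificate`) and an HTTPS connector configured to require client certificates, for example `certificateVerification="required"` on `SSLHostConfig`. The class name and the `example.verifiedClientSubject` attribute are hypothetical.

```java
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.cert.X509Certificate;

// Added example: accepts a request only when the container itself verified
// a client certificate during the TLS handshake.
public class ContainerClientCertFilter implements Filter {

    // Attribute defined by the Servlet specification. The container sets it
    // only after the client proved possession of the private key and the
    // chain validated against the server's trust store.
    static final String CERT_ATTR = "jakarta.servlet.request.X509Certificate";

    // Hypothetical attribute name used to hand the identity to the application.
    static final String SUBJECT_ATTR = "example.verifiedClientSubject";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;

        if (!req.isSecure()) {
            http.sendError(HttpServletResponse.SC_FORBIDDEN, "TLS required");
            return;
        }

        // Request *attributes* come from the container. Request *parameters*
        // come from the caller, and a certificate is public data, so a
        // certificate sent as a parameter proves nothing about key possession.
        // This filter deliberately never calls req.getParameter().
        Object attr = req.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            http.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }

        // Element 0 is the client's own (leaf) certificate; the rest is its chain.
        X509Certificate leaf = ((X509Certificate[]) attr)[0];
        req.setAttribute(SUBJECT_ATTR, leaf.getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }
}
```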
