Jesús Ángel

Reputation: 145

How to make Tomcat 7 prompt for a client certificate

I have a Tomcat 7.0.62 installation and I want it to prompt for a client certificate when users connect. I am using the native library and APR, and this is the connector that I am using:

<Connector SSLCertificateFile="Y:\server.pem" SSLCertificateKeyFile="Y:\server.pem" SSLEnabled="true" clientAuth="true" maxThreads="32" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" secure="true"/>

As far as I know, that would be enough. The clientAuth option should make the browser ask the user for a certificate. However, when I access https://localhost:8443 nothing happens. I have double-checked that I have valid certificates in my certificate store.

Do you know what I am doing wrong?

Regards,

Upvotes: 0

Views: 423

Answers (1)

Jesús Ángel

Reputation: 145

I am sorry. I misread the documentation. The HTTPS APR connector attribute to ask the client for a certificate is SSLVerifyClient as you can read in https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native.

<Connector port="9443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="5" SSLEnabled="true" scheme="https" secure="true"
           SSLVerifyClient="optionalNoCA" sslProtocol="TLSv1" SSLEngine="on"
           SSLCertificateFile="C:\localhost-rsa-cert.pem"
           SSLCertificateKeyFile="C:\localhost-rsa-key.pem" />

Upvotes: 1
