Skip to main content

Client Authentication in Tomcat (HTTPS)

1 reply [Last post]
Joined: 2006-08-24


I have an application that runs as a filter inside tomcat (and tomcat is the webserver). This application receieves requests from external parties, and I need to authenticate these requests.

I am using HTTPS certificates. The server (me) authentication at the client seems to be well discussed ( but I am not sure about how to configure my tomcat to authenticate the client certificates.

Setting "clientAuth = true" seems to only enforce that the client send their certificate, but how is the actual authentication done?

If this is not the right forum, can someone please direct me to the correct one?


Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2006-09-06

There is some interesting stuff here:

Starting from the bottom of page 41.

Hope this helps.