glassfish_at_javadesktop.org wrote On 05/15/07 13:01,:
>Following up to my own question:
>
>I generated a self signed certificate and imported it into Firefox, then I also imported it into GlassFish.
>
>I then modified http-listener-2 to require client authentication by clicking on the checkbox labeled "Client Authentication" on the SSL tab. I also added the default s1as certificate nickname. I saved the changes and restarted glassfish.
>
>The server now requires the certificate from the browser, however it does when trying to access any application through port 8181. I would like to do this only for certain applications.
>
>
In this case, do not enforce SSL client authentication at the HTTP
listener level.
Instead, specify CLIENT-CERT as the auth-method in the web.xml of the
webapps
that require SSL client authentication.
Jan