> In this case, do not enforce SSL client
> authentication at the HTTP
> listener level.
>
> Instead, specify CLIENT-CERT as the auth-method in
> the web.xml of the
> webapps
> that require SSL client authentication.
I tried that, unfortunately the CLIENT-CERT auth-method apparently is being ignored.
The server is not asking for a client certificate unless I enforce SSL client authentication at the HTTP
listener level. This has the side effect of requiring client certificates for all applications accessed via https on port 8181.
My web.xml is listed in my original message, do you see anything wrong with it?
Thanks for the suggestion,
Eraser
[Message sent by forum member 'eraser' (eraser)]
http://forums.java.net/jive/thread.jspa?messageID=217252