users@jersey.java.net

[Jersey] Re: Jersey https tomcat

From: Pavel Bucek <pavel.bucek_at_oracle.com>
Date: Wed, 13 Apr 2011 11:42:57 +0200

I don't know how to set this on Tomcat - maybe you can ask on their
mailing list.

If you'd use GlassFish, it's very similar to that sample, but instead of
file realm, you'd have to use certificate realm and update other
settings accordingly. Just remember you need to set "require client
certificate" (or something like this) because it is not commonly turned
on by default.

The client certificate needs to be stored in the client keystore and that should
be sufficient. You might need to implicitly set it as "use certificate
to authenticate"; see the https-clientserver-grizzly sample for inspiration.

Certificates can be generated using Java keytool or even other tools,
just google for it (or I can do it for you: Keytool documentation:
http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html).
A nice article about security in Java can be found here:
http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html.

Pavel

On 4/13/11 11:26 AM, steben wrote:
> So if I understand, what I need now is to create 2 certificates for server
> and client for authentication, to get a high level of security, because I
> need to have a high level of security. One more question: once the
> certificates are created, where should I declare these certificates?
>
> --
> View this message in context: http://jersey.576304.n2.nabble.com/Jersey-https-tomcat-tp6266431p6268284.html
> Sent from the Jersey mailing list archive at Nabble.com.
>
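
The certificate setup discussed in this thread (one key pair each for server and client, each side trusting the other's certificate), as an added keytool example that is not part of the original messages. Aliases, file names, the `example.test` names and the `STOREPASS` variable are assumptions, and self-signed certificates are used instead of a CA.

```shell
#!/bin/sh
# Added example: the key stores for mutual (client-certificate) TLS.
# Aliases, file names, DNS names and STOREPASS are assumptions, not from the thread.

# Constructed demo password, passed via the environment so it stays off argv.
STOREPASS="${STOREPASS:-changeit-demo}"
export STOREPASS

make_mtls_stores() {
    dir="$1"
    for party in server client; do
        # 1. Key pair plus self-signed certificate, one keystore per party.
        keytool -genkeypair -alias "$party" -keyalg RSA -keysize 2048 \
            -validity 365 -dname "CN=$party.example.test" \
            -ext "SAN=dns:$party.example.test" \
            -storetype PKCS12 -keystore "$dir/$party-keystore.p12" \
            -storepass:env STOREPASS || return 1
        # 2. Export the public certificate only; the private key stays put.
        keytool -exportcert -rfc -alias "$party" -file "$dir/$party.pem" \
            -keystore "$dir/$party-keystore.p12" \
            -storepass:env STOREPASS || return 1
    done
    # 3. Cross-import: each side's truststore holds the peer's certificate.
    keytool -importcert -noprompt -alias client -file "$dir/client.pem" \
        -storetype PKCS12 -keystore "$dir/server-truststore.p12" \
        -storepass:env STOREPASS || return 1
    keytool -importcert -noprompt -alias server -file "$dir/server.pem" \
        -storetype PKCS12 -keystore "$dir/client-truststore.p12" \
        -storepass:env STOREPASS || return 1
}

# Print the entry type keytool reports for an alias.
entry_type() {
    keytool -list -alias "$2" -keystore "$1" -storepass:env STOREPASS 2>/dev/null |
        grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Usage: sh make-stores.sh <output-dir>
if [ -n "${1:-}" ]; then
    make_mtls_stores "$1"
fi
```

On the server, `server-keystore.p12` is its identity and `server-truststore.p12` decides which client certificates are accepted; a JSSE client can point at its own pair with the standard `javax.net.ssl.keyStore` and `javax.net.ssl.trustStore` system properties and their password counterparts.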