Hi, (Sorry for resending the same message. There were some typo. I am really sorry for resending)
First of all Filip and Bill, thanks a lot for such a good suggestion. Though I still didnt implement, but I will give a try according you said. One more question, can you tell me when the first user request an SSL request (i mean by https://www.mysite.com) then from which part of code sends server's certificate to client? Also, how can i protect, so that tomcat doesn't go to any Certificate Authority (CA) to clarify client's certificate? Getting control on whole handshaking is the perfect solution for me. And also seeing how tomcat do that handshaking (i mean from a to z of tomcat's handshaking, from client's sending "hello" to finally session key generation) will be a good help to know how to hook my own handshaking. Also, if you tell me where to see for the implementation, then I can get some idea while I am implementing my part of code. If you have any suggestion, please let me know. Regards, Jahid --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
