Peter,

if updating your application is out of the question, I'm guessing that there is no way to achieve this.

If updating your application is an option, you can set the clientAuth attribute of your connector to 'want' instead of 'true' and then try to detect within your app, if the client provided a valid certificate and redirect them to an error page if that is not the case.

Source: https://stackoverflow.com/a/46488689/1180010

Sebastian

On 06.02.2025 18:59, Peter Rader wrote:
Hi,


I have a website that use mutual authentication for over 100 persons very
successfull since years.

Sometimes a client-certificate in the truststore of the server must be
deactivated, maybe the person died or his/her device got pinched.

As soon as the user access the website using a browser who has the client
certificate installed in the certificate-store of the browser, the website is
unavailable. Fair enougth! A generic website is displayed in the browser. For
firefox the message "SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT" appears. Thats fair
and good.

However, is there a way to have a custom website instead of the browser's
built-in error-page?


Kind regards

Peter Rader
--
Fachinformatiker AE / IT Software Developer
Peter Rader
Wilsnacker Strasse 17
10559 Berlin - GERMANY
Tel: 0049 (0)30 / 6 29 33 29 6
Fax: 0049 (0)30 / 6 29 33 29 6
Handy: 0049 (0)176 / 87 521 576
Handy: 0049 (0)176 / 47 876 303

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to