Thax - Wiki DevelopmentWindows Binaries of OpenSSL
SSL Client Auth with tomcat
Also mentions directory level protection
More client auth stuff from http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html
Set this value to true if you want Tomcat to require all SSL clients to present a client Certificate in order to use this socket. Set this value to want if you want Tomcat to request a client Certificate, but not fail if one isn't presented.
More things about the cert that was presented to the Server in a Client-Auth session
Keytool and client auth
Tomcat and CRL checking
Looks like only tomcat 5.5.10??
- The New Face of Phishing - Mentions SSL use (Equifax)
- Phollow the Phlopping Phish (as above)
- VeriSign issues false Microsoft digital certificates - March 22, 2001 3:43 pm PT