Recall that the definition of a key pair includes both a private and public key. Just as SSL certificates verify and secure server communication, the validity of the client certificate needs to be verified by the certificate authority that created it.
As we have created our own self-signed client certificate using the keytool command, the Java VM will not implicitly trust it as having been issued by a trusted certificate authority.
Let's take a look at the following steps:
- We will need to force Tomcat to recognize the certificate as a trusted certificate. We do this by exporting the public key from the key pair and adding it to the Tomcat trust store.
- Again, if you do not wish to perform this ...
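The export-and-import step described above, written out as keytool commands. This is an added example, not code from the original text: the keystore paths, alias and passwords are placeholders supplied by the caller, and the function names `cert_fingerprint` and `trust_client_cert` are made up for illustration.

```shell
#!/bin/sh
# Added example. Every path, alias and password is a caller-supplied placeholder.
# Usage: sh trust_client_cert.sh <client-keystore> <alias> <keystore-pass> <truststore> <truststore-pass>
# Passwords given as arguments are visible in the process list; keytool also
# accepts -storepass:env VAR and -storepass:file PATH to avoid that.

# Print the SHA-256 fingerprint of one keystore entry.
cert_fingerprint() {  # <keystore> <alias> <storepass>
  keytool -list -v -keystore "$1" -alias "$2" -storepass "$3" </dev/null 2>/dev/null \
    | awk '/SHA256:/ && !seen { print $2; seen = 1 }'
}

# Export the certificate (public half only) of <alias> from the client
# keystore and add it to the trust store as a trusted entry.
trust_client_cert() (  # <keystore> <alias> <kspass> <truststore> <tspass>
  cer=$(mktemp) || exit 1

  # -exportcert writes only the certificate: the public key plus subject and
  # signature. The private key never leaves the client keystore.
  keytool -exportcert -rfc -keystore "$1" -alias "$2" -storepass "$3" \
    -file "$cer" </dev/null >/dev/null 2>&1 || { rm -f "$cer"; exit 1; }

  # -importcert creates the trust store if it does not exist yet. -noprompt
  # skips the interactive "Trust this certificate?" question, so the
  # fingerprint comparison below is the check that the right cert went in.
  keytool -importcert -noprompt -keystore "$4" -alias "$2" -storepass "$5" \
    -file "$cer" </dev/null >/dev/null 2>&1 || { rm -f "$cer"; exit 1; }
  rm -f "$cer"

  # The trust store must hold a trustedCertEntry, never a PrivateKeyEntry.
  keytool -list -keystore "$4" -alias "$2" -storepass "$5" </dev/null 2>/dev/null \
    | grep -q trustedCertEntry || exit 1

  # Both stores must report the same certificate fingerprint.
  src=$(cert_fingerprint "$1" "$2" "$3")
  dst=$(cert_fingerprint "$4" "$2" "$5")
  [ -n "$src" ] && [ "$src" = "$dst" ]
)

# Run only when called with the five arguments shown in the usage line.
if [ "$#" -eq 5 ]; then
  trust_client_cert "$@"
fi
```

Because the certificate is self-signed, this trust store entry is the only thing vouching for it, so the fingerprint comparison should be made against the keystore the certificate was actually generated in.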