O'Reilly logo

Spring Security - Third Edition by Peter Mularien, Robert Winch, Mick Knutson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuring the Tomcat trust store

Recall that the definition of a key pair includes both a private and public key. Similar to  SSL certificates verifying and securing server communication, the validity of the client certificate needs to be verified by the certifying authority that created it.

As we have created our own self-signed client certificate using the keytool command, the Java VM will not implicitly trust it as having been assigned by a trusted certificate authority.

Let's take a look at the following steps:

  1. We will need to force Tomcat to recognize the certificate as a trusted certificate. We do this by exporting the public key from the key pair and adding it to the Tomcat trust store.
  2. Again, if you do not wish to perform this ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required