i need some indications or help regarding client certificate access to web applications.
i have a servlet based web application running on port 443. login is done with user/pasword but i want to enhance the system security and allow connections only for those clients that have a valid client certificate.
on server side "need client authent" is activ and i cannot get a connection to the server regarding that i have no valid certificate. good ... but how i create this certificate. shure i need some file to import as certificate in my browser ...
is it possible to do all work with java's keytool ?
do you know about a step-by-step how to ?
thank you in advance,
Environment: Jetty 5, Java 1.5