SSL and Client Certificate Authentication
Secure sockets layer (SSL) is a secure transport mechanism that ensures privacy and data integrity through encryption. Additionally, SSL allows verification of client and server identity. For more information on SSL, see http://home.netscape.com/eng/ssl3/3-spec.htm.
SSL is designed so that it can be layered on top of existing servers. The details of adding SSL to a web server are server dependent; see your server documentation for details. Resin's technical FAQ provides detailed instructions for layering SSL on stand-alone Resin; it and can be found at http://www.caucho.com/products/resin/ref/faq.xtp.
Client certificate authentication is implemented with SSL and requires the client to possess a public key certificate. Although Tomcat 4.0 plans to support client certificate authentication, at the time of this writing it did not.