tomcat-dev mailing list archives

From Bob Herrmann <...@jadn.com>
Subject Re: SSL client auth in Tomcat 4.0
Date Tue, 15 Oct 2002 17:42:53 GMT

I have gotten clientAuth=true working with Tomcat 5.

It is important to get the trusted certificates properly defined.  

I did this,

export CATALINA_OPTS="-Djavax.net.ssl.trustStore=/home/bob/issues/ssl/cacerts.jks -Djavax.net.ssl.trustStorePassword=changeit"

And sometimes defined this to get extra info.
#  -Djavax.net.debug=ssl,handshake,data,trustmanager"

Cheers,
-bob


On Mon, 2002-10-14 at 20:13, Steven Bradley wrote:
> I'm using Tomcat 4.0 standalone on Windows 2000 and am having trouble 
> getting SSL client authentication working (getting SSL server auth working 
> was a snap).  Here's what I've done so far:
> 
> * created a self-signed client cert using openSSL (key usage includes 
> digital signature)
> * imported client cert (and private key) into Internet Explorer (by way of 
> a PKCS#12 file)
> * imported the Tomcat JKS file with the client certificate
> * configure tomcat server.xml file as follows:
> 
>      <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                 port="443"
>                 minProcessors="5"
>                 maxProcessors="75"
>                 enableLookups="true"
>                 acceptCount="10"
>                 debug="0"
>                 scheme="https"
>                 secure="true">
>        <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>                 clientAuth="true"
>                 keystoreFile="conf/server.keystore"
>                 keystorePass="password"
>                 protocol="TLS"/>
>      </Connector>
> 
> * stop/start tomcat
> * point IE browser to https://localhost/index.html
> 
> What IE tells me is that the page can't be displayed (after some 
> handshaking attempts).  Unfortunately, there is no log info generated (even 
> if I increase the debug param in the <Connector> element).
> 
> Any clues as to what I may be doing wrong?  Has ANYONE been able to get SSL 
> client authentication working with Tomcat 4.0 standalone (Catalina).
> 
> Thanks in advance
> -- Steven
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
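
A way to check the point made in the reply above, that the trusted certificates must be properly defined: this added example (not part of the original messages, and not Tomcat code) loads the trust store named by the same javax.net.ssl.trustStore properties and asks the JVM's default trust manager whether it would accept a given client certificate. The class name CheckClientTrust and the certificate file argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic, not from the thread. Run with the same -D flags given to Tomcat:
//   java -Djavax.net.ssl.trustStore=... -Djavax.net.ssl.trustStorePassword=... CheckClientTrust <cert file>
public class CheckClientTrust {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "");
        if (path == null || args.length != 1) {
            System.err.println("set -Djavax.net.ssl.trustStore and pass one certificate file");
            System.exit(2);
        }
        // Load the trust store the server JVM would use (JKS, as in the reply).
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, pass.toCharArray());
        }
        // Load the client certificate (PEM or DER); the file name is supplied by the caller.
        X509Certificate client;
        try (InputStream in = new FileInputStream(args[0])) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // A self-signed client certificate has to be a trusted entry itself.
        String alias = store.getCertificateAlias(client);
        System.out.println("exact match in trust store: " + (alias != null ? alias : "none"));
        // Ask the default trust manager the same question the TLS handshake asks.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                String keyType = client.getPublicKey().getAlgorithm(); // e.g. "RSA"
                ((X509TrustManager) tm).checkClientTrusted(new X509Certificate[] {client}, keyType);
                System.out.println("ACCEPTED: " + client.getSubjectX500Principal());
            } catch (CertificateException e) {
                System.out.println("REJECTED: " + e.getMessage());
                System.exit(1);
            }
        }
    }
}
```

A REJECTED result for a self-signed client certificate means the certificate is not a trusted entry in that store; for a CA-issued certificate, only the leaf is checked here, so any intermediate certificates would have to be added to the array passed to checkClientTrusted.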


