Return-Path: 
 <tomcat-dev-return-20116-qmlist-jakarta-archive-tomcat-dev=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org
Received: (qmail 65820 invoked from network); 15 Oct 2002 08:34:13 -0000
Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131)
  by daedalus.apache.org with SMTP; 15 Oct 2002 08:34:13 -0000
Received: (qmail 21389 invoked by uid 97); 15 Oct 2002 08:35:07 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org
Received: (qmail 21367 invoked by uid 97); 15 Oct 2002 08:35:06 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-dev-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-dev-help@jakarta.apache.org>
List-Post: <mailto:tomcat-dev@jakarta.apache.org>
List-Id: "Tomcat Developers List" <tomcat-dev.jakarta.apache.org>
Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 2213 invoked by uid 98); 15 Oct 2002 00:12:54 -0000
X-Antivirus: nagoya (v4218 created Aug 14 2002)
Message-Id: <5.0.0.25.2.20021014170544.00afe928@popcorn.llnl.gov>
X-Sender: bradley11@popcorn.llnl.gov
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 14 Oct 2002 17:13:55 -0700
To: tomcat-dev@jakarta.apache.org
From: Steven Bradley <sbradley@llnl.gov>
Subject: SSL client auth in Tomcat 4.0
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

I'm using Tomcat 4.0 standalone on Windows 2000 and am having trouble 
getting SSL client authentication working (getting SSL server auth working 
was a snap).  Here's what I've done so far:

* created a self-signed client cert using openSSL (key usage includes 
digital signature)
* imported client cert (and private key) into Internet Explorer (by way of 
a PKCS#12 file)
* imported the Tomcat JKS file with the client certificate
* configure tomcat server.xml file as follows:

     <Connector className="org.apache.catalina.connector.http.HttpConnector"
                port="443"
                minProcessors="5"
                maxProcessors="75"
                enableLookups="true"
	       	   acceptCount="10"
	       	   debug="0"
	       	   scheme="https"
	       	   secure="true">
		<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
                clientAuth="true"
	       	   keystoreFile="conf/server.keystore"
	       	   keystorePass	="password"
                protocol="TLS"/>
     </Connector>

* stop/start tomcat
* point IE browser to https://localhost/index.html

What IE tells me is that the page can't be displayed (after some 
handshaking attempts).  Unfortunately, there is no log info generated (even 
if I increase the debug param in the <Connector> element).

Any clues as to what I may be doing wrong?  Has ANYONE been able to get SSL 
client authentication working with Tomcat 4.0 standalone (Catalina).

Thanks in advance
-- Steven


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>