tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: IE4 SSL -> Tomcat 4 (clientAuth=true)
Date Tue, 03 Oct 2000 18:10:56 GMT
See below.

"O'Hagan, Shaun" wrote:

> Hi Criag,
> Thanks for the answer
> >The stack trace is an ugly way for Tomcat 4.0 to respond (which will be
> fixed),
> >but the key issue is that you need to go acquire a *client* certificate
> from
> >some certificate authority (Verisign has free 30-day trial certificates in
> the
> >US, not sure about Europe), and install it in your browser.  What's
> happening is
> >that Tomcat is asking your browser to upload it's certificates, but you
> don't
> >have installed so it is not able to validate you.
> I followed your advice and obtained a certificate from verisign but I'm
> still getting the same error and having alot of frustration here :-(

I'm not sure we are talking about the same thing yet.

For client authentication to be used, you have to get a certificate for your
*client* (i.e. your browser), and install it there (I'm sure the Verisign site
has instructions for this, because that's exactly what I did) -- you would be
using "keytool" only if you're generating a *server* certificate.  You might
want to do this later, instead of the self-signed certificate that has already
been created, but it does not have anything to do with client authentication.

Once you get a client certificate installed correctly and access the protected
site, your browser will say something like "this site is requesting a client
certificate; which one should I send?" and offer you a dialog box containing all
the client certificates you've imported into your browser.


See you at ApacheCon Europe <>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

View raw message