tomcat-users mailing list archives

From <Dion_Vanseven...@psdi.com>
Subject Tomcat 3.2 standalone + SSL - Help please
Date Tue, 19 Dec 2000 22:26:25 GMT


I have followed the instructions in server.xml for configuring SSL with Tomcat.
When I try to access the SSL connection at http://ip.add.re.ss:8443, the server
thinks about it, then my browser (IE5) displays an empty certificates box for
me to select the certificate I want to use. The certificate I want to use is
the one created by following the tomcat-ssl-howto. I specified a keystore
directory when using the keytool command.

Perusing the Tomcat archives revealed nothing useful, but the OpenSSL FAQ
produced this interesting little tidbit:

"What will typically happen is that when a server requests authentication it
will either not include your certificate or tell you that you have no client
certificates (Netscape) or present you with an empty list box (MSIE). The
reason for this is that when a server requests a client certificate it
includes a list of CAs names which it will accept. Browsers will only let you
select certificates from the list on the grounds that there is little point
presenting a certificate which the server will reject.

The solution is to add the relevant CA certificate to your servers "trusted CA
list". How you do this depends on the server software in use."

Does this mean Tomcat needs to be configured to present the certificate? If
so, how and where?

Thanks in advance.

Dion Vansevenant
Internetwork Administrator
MRO.com
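
The mechanism in the quoted OpenSSL FAQ can be checked from the Java side. The following is an added example, not part of the original message or of Tomcat: it lists the issuers a JSSE trust manager reports for a trust store (the source of the CA names a JSSE server puts in its client-certificate request) and tests whether a client certificate's issuer is among them. The class name and the three command-line arguments are assumptions; it needs Java 9 or later.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name). Arguments are the reader's own files:
//   java AcceptedCaCheck <truststore> <store-password> <client-cert.pem>
public class AcceptedCaCheck {
    // Builds the X509 trust manager JSSE derives from the given trust store.
    static X509TrustManager trustManagerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // True when the certificate's issuer DN equals the subject DN of an accepted CA.
    static boolean issuerAdvertised(X509Certificate cert, X509Certificate[] accepted) {
        for (X509Certificate ca : accepted) {
            if (ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: AcceptedCaCheck <truststore> <password> <client-cert.pem>");
            System.exit(2);
        }
        // Loads JKS or PKCS12; the store type is detected from the file.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        X509Certificate[] accepted = trustManagerFor(ks).getAcceptedIssuers();
        System.out.println("Accepted CA names (" + accepted.length + "):");
        for (X509Certificate ca : accepted) {
            System.out.println("  " + ca.getSubjectX500Principal().getName());
        }
        X509Certificate client;
        try (InputStream in = new FileInputStream(args[2])) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // "NOT listed" is the case where a browser filters the certificate out of its selection box.
        String verdict = issuerAdvertised(client, accepted) ? "listed" : "NOT listed";
        System.out.println("Issuer " + client.getIssuerX500Principal().getName() + " is " + verdict);
    }
}
```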


