tomcat-users mailing list archives

From jean-frederic clere <jfrederic.cl...@fujitsu-siemens.com>
Subject Re: Client Certificates with Tomcat 4 standalone
Date Thu, 11 Oct 2001 08:43:33 GMT
David Heggie wrote:
> 
> Hi,
> 
> I have been trying to set up client-cert authentication and have had no
> success at present. The first attempt was to set up ssl and set clientAuth
> to true.
> 
> <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                port="8443" minProcessors="5" maxProcessors="75"
>                enableLookups="true"
>                acceptCount="10" debug="1" scheme="https" secure="true">
>       <Factory className="org.apache.catalina.net.SSLServerSocketFactory"

keystorePass="changeit"?

>                clientAuth="true" protocol="TLS"/>
> </Connector>
>  
> The normal ssl works fine with clientAuth=false but when it is true the
> browser comes up with an error "the page cannot be displayed".

Are you sure the CA is stored in /usr/java/jdk1.3.1/jre/lib/security/cacerts? TC
proposes a list of accepted CA's to the browser and it takes the list from
there.

> 
> My second attempt was to set up the default web-app security/protected
> example to use CLIENT-AUTH auth.
> 
> <login-config>
>       <auth-method>CLIENT-CERT</auth-method>
>       <realm-name>Example Form-Based Authentication Area</realm-name>
> </login-config>
> 
> When I browse to that directory the browser comes up with the same error but
> this time the following is in the localhost_examples log.
> 
> CertificatesValve[/examples]:  verify: SSLPeerUnverifiedException
> 
> Does anyone know what this means, or how I can get this client certificate
> thing working.
> 
> Thanks
> 
> David
