tomcat-users mailing list archives

From george moudry <gmou...@attbi.com>
Subject client authentication problem: IE's "choose cert" dialog empty
Date Thu, 18 Apr 2002 06:27:52 GMT
I am trying to run Tomcat https with clientAuth="true", but my browser 
(IE) fails to authenticate. It presents a blank "select one of your 
certificates to use when connecting" screen.
My personal certificate that I usually use when connecting to Weblogic 
does not appear.
I believe that I installed the same server certs into Tomcat as I 
installed into Weblogic.

Question 1) Can anyone tell me the exact steps to create and install new 
certs on both Tomcat and IE to make clientAuth work? (Do I have to 
create the "personal" cert via OpenSSL?)
Question 2) Any ideas how to debug the handshake of my existing certs? 
Why do they work on Weblogic but not on Tomcat?
Thanks, George.

Some details:
I have Tomcat 4.0.3 running on 2 computers: Linux and Windows 2000.
On both Win and Linux I installed certificates via keytool:

 >keytool -list
Enter keystore password:  changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 6 entries
john_apr15, Apr 15, 2002, trustedCertEntry,
Certificate fingerprint (MD5): EF:B8:24:40:6C:F9:2A:D4:39:3C:C4:C8:DB:5C:14:2F
zproot, Apr 14, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 21:40:3B:EC:C5:01:5E:22:EB:90:AC:05:4E:BB:8D:0C
tomcat, Apr 14, 2002, keyEntry,
Certificate fingerprint (MD5): 90:F3:B9:04:BD:B1:BB:DF:FE:FC:F6:6B:0F:AE:C2:95
zplevel2, Apr 14, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 8D:B0:BB:02:88:94:65:11:5E:A8:A1:99:43:FD:51:34
zplevel1, Apr 14, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 4F:59:C8:8D:35:CE:AA:C6:21:B0:14:70:A1:1C:A8:E3
mykey, Apr 14, 2002, trustedCertEntry,
Certificate fingerprint (MD5): E6:1C:88:86:9A:09:52:9F:A0:37:83:84:58:A2:86:DB
