tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rodrigo Ruiz" <>
Subject Client Certificates on Tomcat 3.3.1
Date Tue, 20 Aug 2002 09:41:49 GMT
Hi all,

I'm trying to setup a secure connection between Tomcat 3.3.1 and a java soap

My soap service simply prints out some request data, and also the content of


Following some example code I found on Internet (I'm not sure this code
should function)

I have followed the instructions in the FAQ, and generated
all certificates with keytool.

Firstly, I configured tomcat with clientAuth set to false, and used a basic
authentication scheme in my web-app. It worked fine. When connecting through
my client, the service prints the next info:

Authorization: BASIC
Remote User: tomcat
Secured: true
Principal: tomcat
No client certificate is available

If I set clientAuth to true, it still works, but it keeps showing the "No
client certificate available" message.

The big problem comes when I configure my web-app to use CLIENT-CERT
authorization scheme.
It simply returns a 401 error code.

Any one can help me, please??

Thanks in advance,
Rodrigo Ruiz Aguayo

PS: Following is the bat file I'm using to generate the keystores:

del server.keystore
del client.keystore

copy %JAVA_HOME%\jre\lib\security\cacerts .\server.keystore
copy %JAVA_HOME%\jre\lib\security\cacerts .\client.keystore

REM Change default passwords
keytool -storepasswd -keystore server.keystore -storepass changeit -new
keytool -storepasswd -keystore client.keystore -storepass changeit -new

REM Create server.keystore
keytool -genkey -alias tomcat-sv -dname
"CN=neyade,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg
RSA -keypass 123456 -storepass 123456 -keystore server.keystore
keytool -export -alias tomcat-sv -storepass 123456 -file
server.cer -keystore server.keystore

REM Import server certificate as a trusted CA in the client keystore
keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore
client.keystore -keypass 123456 -storepass 123456

REM Create client keystore
keytool -genkey -alias rruiz -dname
"CN=rruiz,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg
RSA -keypass 123456 -storepass 123456 -keystore client.keystore
keytool -export -alias rruiz -storepass 123456 -file rruiz.cer -keystore

keytool -import -v -trustcacerts -alias tomcat -file rruiz.cer -keystore
server.keystore -keypass 123456 -storepass 123456

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message