tomcat-users mailing list archives

From Christopher Mark Balz <>
Subject Re: Tomcat 4 - SSL - Client Authentication
Date Mon, 20 Jan 2003 09:27:55 GMT
Have you checked the permissions to the directory where your keystore is 
held?  The process running the webserver must of course be able to read 
the keystore.
 - CB

Shiva.Devaguptapu wrote:

>	I am using Tomcat 4 on a Linux system. I am trying to enable SSL
>client authentication. I want the client to be Internet Explorer,
>running on Win2K, my desktop. I found the following steps on the net
>and tried them.
>*	Create keys on the server
>*	Create the certificate on the server
>*	Uncomment the required part in the server.xml of Tomcat
>*	Enter appropriate values for the attributes in server.xml as :
>    <Connector
>               port="8453" minProcessors="5"
>               enableLookups="true"
>               acceptCount="10" debug="0"
>               scheme="https" secure="true">
>      <Factory
>               keystorePass="changeit"
>               clientAuth="true" />
>    </Connector>
>*	Create keys on the client
>*	Create the certificate on the client
>*	Import the client certificate on the server
>*	Import the client certificate into Internet Explorer
>	Now I started tomcat and I tried to access from the IE, the URL
> - then the Client Authentication dialog box
>without any certificates in the list, as a result I cannot select any
>certificate, and
>if I click on OK button, it says page cannot be displayed.
>	I also tried importing the client certificate into
>on the server and even that did not solve the problem and even I tried
>the server certificate on the client side into
>and into IE as well and even after the problem is not solved.
>	I am including all the commands I used to perform the above steps.
>Can anyone help me out in getting this done?
>Thanks in advance,
>Commands used
>***For generating server keys on Linux***
>keytool -genkey -alias tomcat-sv \
>  -keyalg RSA -keypass changeit \
>  -storepass changeit \
>  -keystore $CATALINA_HOME/keystore/server.keystore
>***this keystore directory is created by me***
>***For generating server certificate on Linux***
>keytool -export -alias tomcat-sv \
>  -storepass changeit \
>  -file server.cer \
>  -keystore $CATALINA_HOME/keystore/server.keystore
>***For generating client keys on Win2K***
>keytool -genkey -alias tomcat-cl ^
>  -keyalg RSA -keypass changeit ^
>  -storepass changeit ^
>  -keystore C:\ssltest\mykeystore\client.keystore
>***For generating client certificate on Win2K***
>keytool -export -alias tomcat-cl ^
>  -storepass changeit ^
>  -file C:\ssltest\client.cer ^
>  -keystore C:\ssltest\mykeystore\client.keystore
>***For importing the client certificate on the server***
>keytool -import -v -trustcacerts \
>  -alias tomcat -file client.cer \
>  -keypass changeit \
>  -storepass changeit \
>  -keystore /home/lotto/lotto/utilities/tomcat/keystore/server.keystore
>To unsubscribe, e-mail:   <>
>For additional commands, e-mail: <>

". . . / This Cabinet is formd of Gold / And Pearl & Crystal shining bright
And within it opens into a World / . . .
Another England there I saw / Another London with its Tower
Another Thames & other Hills / And another pleasant Surrey Bower
. . ."
- from "The Crystal Cabinet", a poem by William Blake.
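
The permission check suggested in the reply, as an added example that is not part of the original messages: it walks from the keystore file up to `/` and lists every component whose mode bits would stop a given uid from reading it. The function names and the `tomcat` account name are assumptions; the keystore path is the one from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Reports which path components would stop
# a given uid from reading a keystore, judged by owner/group/other mode bits
# only (ACLs and SELinux are not evaluated). Requires GNU stat and readlink.

# perm_digit UID "GID ..." PATH: print the rwx digit (0-7) that applies to UID.
perm_digit() {
    u=$1; gs=$2
    set -- $(stat -c '%u %g %a' "$3")   # $1=owner uid, $2=group gid, $3=mode
    mode=$((0$3))                       # leading 0: parse as octal
    if [ "$u" -eq "$1" ]; then echo $(( (mode >> 6) & 7 )); return; fi
    for g in $gs; do
        if [ "$g" -eq "$2" ]; then echo $(( (mode >> 3) & 7 )); return; fi
    done
    echo $(( mode & 7 ))
}

# keystore_blockers UID "GID ..." KEYSTORE
# Prints each blocking path, one per line. Returns 0 if none, 1 if blocked,
# 2 if the keystore does not exist.
keystore_blockers() {
    uid=$1; gids=$2; rc=0
    p=$(readlink -f "$3")               # absolute path, symlinks resolved
    if [ ! -e "$p" ]; then echo "missing: $3"; return 2; fi
    if [ "$uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    need=4                              # the file itself needs read (r = 4)
    while :; do
        d=$(perm_digit "$uid" "$gids" "$p")
        if [ $(( d & need )) -eq 0 ]; then echo "$p"; rc=1; fi
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p"); need=1       # every parent needs search (x = 1)
    done
    return $rc
}

# Typical call; the account name "tomcat" is an assumption:
# keystore_blockers "$(id -u tomcat)" "$(id -G tomcat)" \
#     "$CATALINA_HOME/keystore/server.keystore"
```

For the account that runs Tomcat the output should be empty. Run with a uid and gid that match neither the owner nor the group, the keystore itself should be listed; if it is not, the file holding the private key is world-readable.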
