Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 40570 invoked from network); 22 Aug 2003 07:12:46 -0000 Received: from unknown (HELO madimc2.indra.es) (213.170.46.10) by daedalus.apache.org with SMTP; 22 Aug 2003 07:12:46 -0000 Received: from madarrclex5.indra.es ([192.168.10.22]) by madimc2.indra.es with Microsoft SMTPSVC(5.0.2195.5329); Fri, 22 Aug 2003 09:03:17 +0200 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Subject: RE: Tomcat SSL client authentication problem with Internet Explore Date: Fri, 22 Aug 2003 09:03:37 +0200 Message-ID: <7FEFE1706ED63E468F27305FCC15B3F1027D0FCC@MADARRCLEX5.indra.es> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Tomcat SSL client authentication problem with Internet Explore thread-index: AcNoZXizpWgPUzwTSr2bALE1qL2scQAFacmg From: =?iso-8859-1?Q?=22Rat=F3n_Lacarcel=2C_Antonio=22?= To: "Tomcat Users List" X-OriginalArrivalTime: 22 Aug 2003 07:03:17.0765 (UTC) FILETIME=[76AA6350:01C3687B] X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Hi again... CA cert is installed in MSIE's root certificates (also in = Mozilla root certificates) but the box is still empty. Any idea? T= hank you!!! -----Mensaje original----- De: Bill Barker [mailto:wbarke= r@wilshire.com] Enviado el: viernes, 22 de agosto de 2003 6:17 Para: to= mcat-user@jakarta.apache.org Asunto: Re: Tomcat SSL client authenticatio= n problem with Internet Explore I'm guessing that you didn't instal= l your CA's cert in MSIE's root certificates. Since Tomcat will ask for= certs signed by your CA, if MSIE can't find any (that it can verify the= chain with), you get an empty box. "Rat=F3n Lacarcel, Antonio" wrote in message news:7FEFE1706ED63E468F27305FCC15B3F1027D0F= CB@MADARRCLEX5.indra.es... Hi! I have a problem with Tomcat 4.0.6 and= SSL client authentication. When I use the Internet Explorer browser (v6= .0) and I try to access the secure URL (for example https://whatever:804= 3), an empty list of certificates is presented. However, if I use Mozill= a 1.4 or Netscape 4.76, the client certificates are presented and the s= ecure pages are available. The following environment is used: + jd= k1.3.1_08 + Microsoft Certificate Server + Tomcat 4.0.6 My server.= xml file has the following element: I have al= so created the keystores and the cacerts (for trusted certificates) file= s. Tomcat also finds the cacerts file because I've added the following p= arameters in the Tomcat enviroment variables (and because I've seen it in= the debug console): -Djavax.net.ssl.trustStore=3Dc:\path_to_cacerts\ca= certs -Djavax.net.ssl.trustStorePassword=3Dchangeit I have defined my= own CA, my server-tomcat certificate signed by the CA and in order to c= reate the client certificates, I've used the Certificate Server web tool= , asking for a web certificate using each browser (Netscape-IE-Mozilla) = and installing the client certificate from the browser. Could you hel= p me please? If more info is needed, please tell it to me and I will t= ry to explain the problem with higher detail. Thanks in advance and s= orry if my english is too simple... Antonio Rat=F3n --- Outgoing m= ail is certified Virus Free. Checked by AVG anti-virus system (http://ww= w.grisoft.com). Version: 6.0.511 / Virus Database: 308 - Release Date: 1= 8/08/2003 ------------------------------------------------------------= ---------------- --------------------------------------- Este correo el= ectr=F3nico y, en su caso, cualquier fichero anexo al mismo, contiene in= formaci=F3n de car=E1cter confidencial exclusivamente dirigida a su dest= inatario o destinatarios. Queda prohibida su divulgaci=F3n, copia o dist= ribuci=F3n a terceros sin la previa autorizaci=F3n escrita de Indra. En e= l caso de haber recibido este correo electr=F3nico por error, se ruega n= otificar inmediatamente esta circunstancia mediante reenv=EDo a la direc= ci=F3n electr=F3nica del remitente. The information in this e-mail an= d in any attachments is confidential and solely for the attention and us= e of the named addressee(s). You are hereby notified that any disseminat= ion, distribution or copy of this communication is prohibited without th= e prior written consent of Indra. If you have received this communicatio= n in error, please, notify the sender by reply e-mail ---------= ------------------------------------------------------------ To unsubscr= ibe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional c= ommands, e-mail: tomcat-user-help@jakarta.apache.org --- Incoming m= ail is certified Virus Free. Checked by AVG anti-virus system (http://ww= w.grisoft.com). Version: 6.0.511 / Virus Database: 308 - Release Date: 1= 8/08/2003 --- Outgoing mail is certified Virus Free. Checked by A= VG anti-virus system (http://www.grisoft.com). Version: 6.0.511 / Virus = Database: 308 - Release Date: 18/08/2003 ----------------------------= -------------------------------------------------------------------------= -------------- Este correo electr=F3nico y, en su caso, cualquier ficher= o anexo al mismo, contiene informaci=F3n de car=E1cter confidencial exclu= sivamente dirigida a su destinatario o destinatarios. Queda prohibida su = divulgaci=F3n, copia o distribuci=F3n a terceros sin la previa autorizaci= =F3n escrita de Indra. En el caso de haber recibido este correo electr=F3= nico por error, se ruega notificar inmediatamente esta circunstancia medi= ante reenv=EDo a la direcci=F3n electr=F3nica del remitente. The infor= mation in this e-mail and in any attachments is confidential and solely f= or the attention and use of the named addressee(s). You are hereby notifi= ed that any dissemination, distribution or copy of this communication is = prohibited without the prior written consent of Indra. If you have receiv= ed this communication in error, please, notify the sender by reply e-mail=