tomcat-users mailing list archives

From "Twan Munster" <t.muns...@emaxx.nl>
Subject solution problems with ssl client authentication
Date Wed, 15 Oct 2003 10:05:52 GMT
Hello,

Here's the solution for some major problems which I experienced getting client authentication
to work. I'll post it to help people save time. It cost me more than a week to get it working
and the solution is so simple it can be done in less than half an hour.

Problem 1: getting existing certificates into the keystore
If you already have a CA, client and server certificate, this is what to do:

openssl pkcs12 -export -in servercert.crt -inkey mykey.key \
                        -out servercert.p12 -name tomcat -CAfile myCA.crt \
                        -caname root -chain

This is the only command that works, trust me, I've tried a lot too ;-)

Then set keystoreType="PKCS12" in the SSL connector in server.xml.

Problem 2 certificate is not trusted

On the net all sorts of solutions are given, but this is the only one I got working.
The only solution is manually adding, with a program like keytool or keyman, the CA certificate
of the client to
JAVA_HOME\jre\lib\security\cacerts

Creating a truststore and adding
CATALINA_OPTS="-Djavax.net.ssl.trustStore=PATH_TO_TRUSTSTORE
-Djavax.net.ssl.trustStorePassword=PASSWORD_FROM_TRUSTSTORE"
didn't work for me.

Hope it helps a lot of people,

Twan
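
An added example, not part of the original message: it builds a throwaway CA and server certificate, runs the export command from Problem 1, and reads the PKCS12 file back to confirm it holds the server certificate plus the CA under the alias "tomcat". The subjects, the password "changeit" and the function name p12_summary are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA and server certificate, exported with the
# post's pkcs12 command, then inspected. File names follow the post;
# subjects and the password are constructed for this demo only.

p12_summary() {
    work=$(mktemp -d) || return 1
    pass=changeit                      # demo password (assumption)
    (
        cd "$work" || exit 1
        # Constructed root CA standing in for myCA.crt.
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Demo Root CA" -keyout myCA.key -out myCA.crt \
            2>/dev/null || exit 1
        # Server key plus a certificate signed by that CA.
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
            -keyout mykey.key -out server.csr 2>/dev/null || exit 1
        openssl x509 -req -in server.csr -CA myCA.crt -CAkey myCA.key \
            -CAcreateserial -days 2 -out servercert.crt 2>/dev/null || exit 1
        # -chain needs the server cert to verify against -CAfile, so
        # check that first; a wrong CA file fails here, not in the export.
        openssl verify -CAfile myCA.crt servercert.crt >/dev/null 2>&1 || exit 1
        # The export command from the post, with a non-interactive password.
        openssl pkcs12 -export -in servercert.crt -inkey mykey.key \
            -out servercert.p12 -name tomcat -CAfile myCA.crt \
            -caname root -chain -passout "pass:$pass" 2>/dev/null || exit 1
        # Read the bundle back without keys and count what is inside.
        dump=$(openssl pkcs12 -in servercert.p12 -nokeys \
            -passin "pass:$pass" 2>/dev/null) || exit 1
        certs=$(printf '%s\n' "$dump" | grep -c 'BEGIN CERTIFICATE')
        named=$(printf '%s\n' "$dump" | grep -c 'friendlyName: tomcat')
        echo "certs=$certs tomcat_alias=$named"
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

p12_summary
```

A result of certs=1 means the CA was not bundled, so clients would receive the server certificate without its issuer.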