tomcat-users mailing list archives

From "Kenneth Westelinck" <>
Subject Re: Tomcat 4 + ssl + client authentication
Date Fri, 10 Oct 2003 06:13:11 GMT
>Client cert verification is done against the TrustStore, not the KeyStore.
>Tomcat 5 has some improvements for this.  Tomcat 4 is still a bit limited.
> > I have no idea what is going wrong. Can someone tell me how to make this
> > work?
> >
>Assuming that you don't want to just import the signing cert into cacerts
>(see the JSSE docs for how to do this), then you need to have something
>At the moment, your TrustStore file has to be in the same format as your
>KeyStore file (a nasty limitation that I haven't gotten around to fixing 
Yep, done that. Yesterday after sending this mail I was able to get it to 
work authenticating using the imported client key in Mozilla and putting the 
signed client key in this truststore. So it is working now using Mozilla 
So now I found out there is a keyStore property as well (stupid me), and I 
was able to authenticate using my Java client against the server (nice 
again). If someone is interested in the code, this is the client part (just 
for testing):

    System.setProperty("", "f:/client.keystore");
    System.setProperty("", "f:/client.keystore");

    HttpClient httpclient = new HttpClient();
    Protocol myhttps =
        new Protocol(
            new StrictSSLProtocolSocketFactory(false),
    httpclient.getHostConfiguration().setHost("myhost", 8443, myhttps);
    GetMethod httpget = new GetMethod("/");

with StrictSSLProtocolSocketFactory being the same code as the sample code you can 
download from the Apache/HTTPClient site. One question though ... suppose 
the client keyStore has different keys, how can one tell the code to use 
key A or key B (for the moment there's only one key in this keyStore). Using 
Mozilla it is simple, it just asks which key to use.

Thank you for your help.