tomcat-users mailing list archives

From "Ryan LeCompte" <>
Subject SSL mutual authentication problem with Tomcat5
Date Thu, 18 Nov 2004 19:07:08 GMT
I'm trying to have a standalone Java client communicate via SSL with a
remote Tomcat5 server. I'm setting the two system properties for specifying
the SSL trust store path and trust store password. The client is able to
successfully communicate via SSL when Tomcat is configured to not require
client-side authentication (for example, in Tomcat the configuration
attribute 'clientAuth="false"' would be used). However, when I turn on this
attribute and require client-side authentication, the client fails to
communicate successfully with the Tomcat5 server. The following exception is

java.rmi.RemoteException: HTTP transport error: Software caused connection abort: recv failed; nested exception is:
 HTTP transport error: Software caused connection abort: recv failed
 at  .....

Is there anything else that must occur on the client side when the remote
web server requires a client-side certification authentication? I'm still
new to SSL, so perhaps I have the basic concept confused. Do I have to
import another certification in the client-side keystore for this to work? I
looked in the SSL HOW-TO but didn't find an answer to my question. I also
tried importing all of the certificates in the client keystore into the
"cacerts" file in JAVA_HOME/jre/lib/security/cacerts.
Here is the connector configuration for SSL in server.xml:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="C:\ssl\sslWSCerts.keystore" keystorePass="changeit"/>


Thank you for any help that you may be able to provide.

-- Ryan 
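
Added example, not part of the original message: with clientAuth="true" the server asks the client for a certificate during the handshake, so the client needs a key store holding its own certificate and private key in addition to the trust store used to verify the server. The sketch below builds an SSLContext from both and first checks that the key store really contains a private-key entry, since a store that holds only imported certificates cannot answer the request. The file paths, password, URL and class name are hypothetical placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
    // Hypothetical paths, password and URL: substitute your own.
    static final String CLIENT_KEYSTORE = "C:\\ssl\\client.keystore";
    static final String CLIENT_TRUSTSTORE = "C:\\ssl\\client.truststore";
    static final char[] PASSWORD = "changeit".toCharArray();
    static final String URL_TO_CALL = "https://localhost:8443/";

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, PASSWORD);
        }
        return ks;
    }

    // A key store holding only trustedCertEntry items cannot present a client
    // certificate; at least one private-key entry is required.
    static boolean hasPrivateKey(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyStore identity = load(CLIENT_KEYSTORE);
        if (!hasPrivateKey(identity)) {
            throw new IllegalStateException("no private-key entry in " + CLIENT_KEYSTORE);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, PASSWORD); // client certificate + private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(CLIENT_TRUSTSTORE)); // certificates used to verify the server
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection) URI.create(URL_TO_CALL).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The same client identity can be supplied without code through the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties. On the server side, the trust store Tomcat uses must contain the client's certificate or the CA that issued it.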
