tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dean Trafelet" <dtrafe...@dcwis.com>
Subject Re: Client Authentication
Date Mon, 02 May 2005 16:48:33 GMT
Dear Sir or Madam:  I am Judge Dean M. Trafelet.  Your emails are improperly
being sent to my email address.  Please remove me from you list immediately.
DMT

----- Original Message ----- 
From: "lercoli" <lercoli@dynaproc.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Monday, May 02, 2005 10:31 AM
Subject: Re: Client Authentication


> You should import only client.p12 certificate in IE browser and
> when IE asks you in which folder you want to put it select Personal 
> Folder.
>
> I hope it helps you.
>
> Luca Ercoli
>
>
> ----- Original Message ----- 
> From: "Mahesh S Kudva" <mahesh.kudva@robosoftin.com>
> To: <tomcat-user@jakarta.apache.org>
> Sent: Monday, May 02, 2005 5:08 PM
> Subject: Client Authentication
>
>
>> Dear All
>>
>> I've been able to setup Tomcat 5.0.30 successfully on port 8443. I want 
>> to
>> use client authentication. Hence i've enabled clientAuth=true in
>> server.xml
>>
>> Running on Mac OS X these were the commands to create a CA and sign a
>> certificate using this CA.
>>
>> Creating a new CA:
>> 1) perl CA.pl -newca
>>
>> Certificate request using openssl:
>> 1) perl CA.pl -newreq
>> 2) perl CA.pl -sign
>> 3) mv newreq.pem client_req.pem
>> 4) mv newcert.pem client_cert.pem
>> 5) openssl rsa < client_req.pem > client_key.pem
>> 6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out
>>    client.p12
>>
>> For Tomcat using Java keytool to request certificate:
>> 1) openssl x509 -in server_cert.pem -out server.x509
>> 2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem
>>    -out server.p12
>> 3) keytool -genkey -alias meAsClient -storepass changeit
>> 4) keytool -certreq -alias measclient -file client.csr -storepass 
>> changeit
>> 5) openssl x509   -req -CA demoCA/cacert.pem -CAkey
>>    demoCA/private/cakey.pem -extensions v3_ca -in client.csr -inform DER
>>    -out client_cert.x509 -CAcreateserial
>> 6) keytool -import -alias butterflyCA -keystore /Syst.. ..urity/cacerts
>>    -file ../CA/demoCA/cacert.pem
>> 7) keytool -import -alias measclient -keystore clientstore -trustcacerts
>>    -file client_cert.x509
>>
>>
>> Following these commands I dont get any errors. I then import the
>> cacert.pem, the ROOT CA certificate and the client.p12 and
>> client_cert.x509 to the browser I.E 6.0. But still there is a popup
>> requesting for the clients identity and it asks me to select a
>> certificate and no certificates are displayed.
>>
>> How can I go about this?
>>
>>
>> All suggestion and ideas are welcome.
>>
>>
>>
>> Regards & Thanks
>> ================
>> Mahesh S Kudva
>>
>>
>>
>> -------------------------------------------------------
>> Robosoft Technologies - Partners in Product Development
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message