tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dean Trafelet" <dtrafe...@dcwis.com>
Subject Re: Client Authentication
Date Mon, 02 May 2005 17:43:28 GMT
You have reached Judge Dean M. Trafelet without authorization.  Remove me 
from your email list immediately.
----- Original Message ----- 
From: "Mahesh S Kudva" <mahesh.kudva@robosoftin.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Monday, May 02, 2005 12:34 PM
Subject: Re: Client Authentication


> Hi
>
> I tried with client.p12 first, when i failed I went on with
> client_cert.x509. I placed it in the personal folder ...
>
> Regards & Thanks
> ================
> Mahesh S Kudva
>
>
> -----Original Message-----
> From: "lercoli" <lercoli@dynaproc.com>
> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> Date: Mon, 2 May 2005 17:31:54 +0200
> Subject: Re: Client Authentication
>
>> You should import only client.p12 certificate in IE browser and
>> when IE asks you in which folder you want to put it select Personal
>> Folder.
>>
>> I hope it helps you.
>>
>> Luca Ercoli
>>
>>
>> ----- Original Message ----- 
>> From: "Mahesh S Kudva" <mahesh.kudva@robosoftin.com>
>> To: <tomcat-user@jakarta.apache.org>
>> Sent: Monday, May 02, 2005 5:08 PM
>> Subject: Client Authentication
>>
>>
>> > Dear All
>> >
>> > I've been able to setup Tomcat 5.0.30 successfully on port 8443. I
>> want to
>> > use client authentication. Hence i've enabled clientAuth=true in
>> > server.xml
>> >
>> > Running on Mac OS X these were the commands to create a CA and sign a
>> > certificate using this CA.
>> >
>> > Creating a new CA:
>> > 1) perl CA.pl -newca
>> >
>> > Certificate request using openssl:
>> > 1) perl CA.pl -newreq
>> > 2) perl CA.pl -sign
>> > 3) mv newreq.pem client_req.pem
>> > 4) mv newcert.pem client_cert.pem
>> > 5) openssl rsa < client_req.pem > client_key.pem
>> > 6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem
>> -out
>> >    client.p12
>> >
>> > For Tomcat using Java keytool to request certificate:
>> > 1) openssl x509 -in server_cert.pem -out server.x509
>> > 2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem
>> >    -out server.p12
>> > 3) keytool -genkey -alias meAsClient -storepass changeit
>> > 4) keytool -certreq -alias measclient -file client.csr -storepass
>> changeit
>> > 5) openssl x509   -req -CA demoCA/cacert.pem -CAkey
>> >    demoCA/private/cakey.pem -extensions v3_ca -in client.csr -inform
>> DER
>> >    -out client_cert.x509 -CAcreateserial
>> > 6) keytool -import -alias butterflyCA -keystore /Syst..
>> ..urity/cacerts
>> >    -file ../CA/demoCA/cacert.pem
>> > 7) keytool -import -alias measclient -keystore clientstore
>> -trustcacerts
>> >    -file client_cert.x509
>> >
>> >
>> > Following these commands I dont get any errors. I then import the
>> > cacert.pem, the ROOT CA certificate and the client.p12 and
>> > client_cert.x509 to the browser I.E 6.0. But still there is a popup
>> > requesting for the clients identity and it asks me to select a
>> > certificate and no certificates are displayed.
>> >
>> > How can I go about this?
>> >
>> >
>> > All suggestion and ideas are welcome.
>> >
>> >
>> >
>> > Regards & Thanks
>> > ================
>> > Mahesh S Kudva
>> >
>> >
>> >
>> > -------------------------------------------------------
>> > Robosoft Technologies - Partners in Product Development
>> >
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>> >
>> >
>> >
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> -------------------------------------------------------
> Robosoft Technologies - Partners in Product Development
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message