tomcat-users mailing list archives

From "Mahesh S Kudva" <>
Subject Client Authentication
Date Mon, 02 May 2005 15:08:38 GMT
Dear All

I've been able to set up Tomcat 5.0.30 successfully on port 8443. I want to 
use client authentication. Hence I've enabled clientAuth=true in 

Running on Mac OS X these were the commands to create a CA and sign a 
certificate using this CA.

Creating a new CA:
1) perl -newca

Certificate request using openssl:
1) perl -newreq
2) perl -sign
3) mv newreq.pem client_req.pem
4) mv newcert.pem client_cert.pem
5) openssl rsa < client_req.pem > client_key.pem
6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out 

For Tomcat using Java keytool to request certificate:
1) openssl x509 -in server_cert.pem -out server.x509
2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem 
   -out server.p12  
3) keytool -genkey -alias meAsClient -storepass changeit
4) keytool -certreq -alias measclient -file client.csr -storepass changeit
5) openssl x509   -req -CA demoCA/cacert.pem -CAkey  
   demoCA/private/cakey.pem -extensions v3_ca -in client.csr -inform DER
   -out client_cert.x509 -CAcreateserial
6) keytool -import -alias butterflyCA -keystore /Syst.. ..urity/cacerts 
   -file ../CA/demoCA/cacert.pem
7) keytool -import -alias measclient -keystore clientstore -trustcacerts 
   -file client_cert.x509

Following these commands I don't get any errors. I then import the 
cacert.pem, the ROOT CA certificate and the client.p12 and 
client_cert.x509 to the browser I.E 6.0. But still there is a popup 
requesting the client's identity and it asks me to select a 
certificate and no certificates are displayed.

How can I go about this?

All suggestions and ideas are welcome.

Regards & Thanks
Mahesh S Kudva

Robosoft Technologies - Partners in Product Development
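
As an added example (not part of the original message): the CA, request, sign and PKCS#12 export steps listed above, run non-interactively with plain openssl, followed by a check that the resulting client.p12 holds a private key matching its certificate and that the certificate verifies against the CA. All file names, subject names, the function names and the password are constructed sample values.

```shell
#!/bin/sh
# Constructed sample values throughout: ca.*, client.*, the subject names and
# the password "changeit" belong to this example, not to the original post.

# Build a throwaway CA, a client key + CSR, sign the CSR with the CA, and
# bundle certificate and private key into a PKCS#12 file for browser import.
build_client_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/client.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -name constructed-client \
        -in "$dir/client.pem" -inkey "$dir/client.key" \
        -out "$dir/client.p12" -passout pass:changeit
}

# Return 0 only if the PKCS#12 file (a) contains a private key whose public
# half equals the certificate's public key and (b) the certificate verifies
# against the given CA file. A bundle without a private key fails check (a).
check_client_p12() {
    p12=$1; ca=$2; pass=$3
    tmp=$(mktemp -d) || return 1
    rc=1
    if openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts \
           -out "$tmp/cert.pem" 2>/dev/null &&
       openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
           -out "$tmp/key.pem" 2>/dev/null; then
        cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null)
        key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)
        if [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] &&
           openssl verify -CAfile "$ca" "$tmp/cert.pem" >/dev/null 2>&1; then
            rc=0
        fi
    fi
    rm -rf "$tmp"
    return $rc
}

# Demo in a throwaway directory.
demo=$(mktemp -d) && build_client_p12 "$demo" &&
    check_client_p12 "$demo/client.p12" "$demo/ca.pem" changeit &&
    echo "client.p12: key matches certificate, chain verifies"
rm -rf "$demo"
```
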
