tomcat-users mailing list archives

From "Mahesh S Kudva" <mahesh.ku...@robosoftin.com>
Subject Re: Client Authentication
Date Tue, 03 May 2005 13:52:59 GMT
Hi 

It seems like a silly question. But I am new to SSL and Certificates as 
well as Tomcat.

If my machine's IP is 192.168.0.1 then I access tomcat as 
https://192.168.0.1:8443. Keeping this in mind, should I give the Common Name 
as 192.168.0.1? 

How do I specify the client info in the tomcat-users.xml?

<user name=mahesh password=kudva role="admin">

This is what my tomcat-users.xml file looks like. 

Regards & Thanks
================
Mahesh S Kudva


-----Original Message-----
From: "lercoli" <lercoli@dynaproc.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Date: Tue, 3 May 2005 14:33:46 +0200
Subject: Re: Client Authentication

> CA and Tomcat common name should be the same (localhost or better your
> DNS).
> First and Last Name of client should be the name of a Tomcat user declared
> in tomcat-users.xml.
> 
> Luca Ercoli
> 
> ----- Original Message ----- 
> From: "Mahesh S Kudva" <mahesh.kudva@robosoftin.com>
> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> Sent: Tuesday, May 03, 2005 1:41 PM
> Subject: Re: Client Authentication
> 
> 
> > Hi
> >
> > What kind of information do I need to put in the fields of First and
> > Last name and Common name. Will any information do or is it required
> > that I need to put in the server address in the client.p12 certificate..
> >
> > Regards & Thanks
> > ================
> > Mahesh S Kudva
> >
> >
> > -----Original Message-----
> > From: "Mahesh S Kudva" <mahesh.kudva@robosoftin.com>
> > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > Date: Mon, 02 May 2005 23:04:50 +0530
> > Subject: Re: Client Authentication
> >
> > > Hi
> > >
> > > I tried with client.p12 first, when I failed I went on with
> > > client_cert.x509. I placed it in the personal folder ...
> > >
> > > Regards & Thanks
> > > ================
> > > Mahesh S Kudva
> > >
> > >
> > > -----Original Message-----
> > > From: "lercoli" <lercoli@dynaproc.com>
> > > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > > Date: Mon, 2 May 2005 17:31:54 +0200
> > > Subject: Re: Client Authentication
> > >
> > > > You should import only client.p12 certificate in IE browser and
> > > > when IE asks you in which folder you want to put it select
> > > > Personal Folder.
> > > >
> > > > I hope it helps you.
> > > >
> > > > Luca Ercoli
> > > >
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Mahesh S Kudva" <mahesh.kudva@robosoftin.com>
> > > > To: <tomcat-user@jakarta.apache.org>
> > > > Sent: Monday, May 02, 2005 5:08 PM
> > > > Subject: Client Authentication
> > > >
> > > >
> > > > > Dear All
> > > > >
> > > > > > I've been able to set up Tomcat 5.0.30 successfully on port 8443.
> > > > > > I want to use client authentication. Hence I've enabled
> > > > > > clientAuth=true in server.xml
> > > > > >
> > > > > > Running on Mac OS X these were the commands to create a CA and
> > > > > > sign a certificate using this CA.
> > > > > >
> > > > > > Creating a new CA:
> > > > > > 1) perl CA.pl -newca
> > > > > >
> > > > > > Certificate request using openssl:
> > > > > > 1) perl CA.pl -newreq
> > > > > > 2) perl CA.pl -sign
> > > > > > 3) mv newreq.pem client_req.pem
> > > > > > 4) mv newcert.pem client_cert.pem
> > > > > > 5) openssl rsa < client_req.pem > client_key.pem
> > > > > > 6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem
> > > > > >    -out client.p12
> > > > > >
> > > > > > For Tomcat using Java keytool to request certificate:
> > > > > > 1) openssl x509 -in server_cert.pem -out server.x509
> > > > > > 2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem
> > > > > >    -out server.p12
> > > > > > 3) keytool -genkey -alias meAsClient -storepass changeit
> > > > > > 4) keytool -certreq -alias measclient -file client.csr
> > > > > >    -storepass changeit
> > > > > > 5) openssl x509 -req -CA demoCA/cacert.pem -CAkey
> > > > > >    demoCA/private/cakey.pem -extensions v3_ca -in client.csr
> > > > > >    -inform DER -out client_cert.x509 -CAcreateserial
> > > > > > 6) keytool -import -alias butterflyCA -keystore /Syst..
> > > > ..urity/cacerts
> > > > > >    -file ../CA/demoCA/cacert.pem
> > > > > > 7) keytool -import -alias measclient -keystore clientstore
> > > > > >    -trustcacerts -file client_cert.x509
> > > > > >
> > > > > >
> > > > > > Following these commands I don't get any errors. I then import
> > > > > > the cacert.pem, the ROOT CA certificate and the client.p12 and
> > > > > > client_cert.x509 to the browser I.E 6.0. But still there is a
> > > > > > popup requesting for the client's identity and it asks me to
> > > > > > select a certificate and no certificates are displayed.
> > > > >
> > > > > How can I go about this?
> > > > >
> > > > >
> > > > > All suggestion and ideas are welcome.
> > > > >
> > > > >
> > > > >
> > > > > Regards & Thanks
> > > > > ================
> > > > > Mahesh S Kudva
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > Robosoft Technologies - Partners in Product Development
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> >
> >
> >
> > -------------------------------------------------------
> > Robosoft Technologies - Partners in Product Development
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



-------------------------------------------------------
Robosoft Technologies - Partners in Product Development



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
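
Added example (not part of the original messages, and not Tomcat's or OpenSSL's own code): checks worth running when the browser lists no certificate to select, as described in the first post. It builds a constructed throwaway CA and client certificate, confirms that client.p12 carries a private key and a certificate that chains to the CA, and prints the subject to compare with the user declared in tomcat-users.xml as the reply suggests. Function names, subjects and the password are assumptions.

```shell
# Added example: builds a constructed throwaway CA and client certificate,
# then runs the checks that matter before importing client.p12 in a browser.
# File names, subjects and the password "changeit" are demo assumptions.

make_demo_pki() {  # $1 = empty working directory
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/O=Demo/CN=Demo Test CA" -keyout ca_key.pem -out cacert.pem &&
    openssl req -newkey rsa:2048 -nodes -subj "/O=Demo/CN=mahesh" \
      -keyout client_key.pem -out client_req.pem &&
    openssl x509 -req -days 1 -in client_req.pem -CA cacert.pem \
      -CAkey ca_key.pem -CAcreateserial -out client_cert.pem &&
    openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem \
      -passout pass:changeit -out client.p12
  ) >/dev/null 2>&1
}

# Returns 0 only if the .p12 holds a private key and a certificate that
# chains to the given CA. $1 = CA cert, $2 = .p12 file, $3 = .p12 password
check_client_p12() {
  tmp=$(mktemp -d) || return 2
  rc=0
  # 1. The bundle must contain the private key, not just the certificate.
  openssl pkcs12 -in "$2" -passin "pass:$3" -nocerts -nodes 2>/dev/null \
    | grep -q "PRIVATE KEY" || rc=1
  # 2. Extract the client certificate and verify it against the CA.
  openssl pkcs12 -in "$2" -passin "pass:$3" -clcerts -nokeys \
    -out "$tmp/leaf.pem" 2>/dev/null || rc=1
  openssl verify -CAfile "$1" "$tmp/leaf.pem" >/dev/null 2>&1 || rc=1
  rm -rf "$tmp"
  return $rc
}

# Prints the subject of the certificate inside the .p12.
client_subject() {  # $1 = .p12 file, $2 = .p12 password
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null \
    | openssl x509 -noout -subject
}

# Demo run on constructed data in a temporary directory.
d=$(mktemp -d) && make_demo_pki "$d" &&
  check_client_p12 "$d/cacert.pem" "$d/client.p12" changeit &&
  client_subject "$d/client.p12" changeit
rm -rf "$d"
```

The same check_client_p12 call fails when given a CA certificate other than the one that signed the client certificate, which is the case to rule out on the server's trust store side.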

