tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xia, Hong" <>
Subject RE: SSL mutual communication problem with Tomcat5 --- Remote host closed connection during handshake
Date Tue, 13 Sep 2005 19:08:44 GMT
Thanks for your help Mark.

When I imported the client cert, I pick the 'Automatically select the certificate store ...'
option and the certificate appeared under the Trusted Root.

I tried to place the certificate under Personal and Other People but the certificate did not
appear after the import. 

-----Original Message-----
From: Mark Thomas []
Sent: Tuesday, September 13, 2005 2:56 PM
To: Tomcat Users List
Subject: Re: SSL mutual communication problem with Tomcat5 --- Remote
host closed connection during handshake

Xia, Hong wrote:
> Hello,
> I am trying to set up Tomcat5 ( as standalone web server ) with https mutal authentication.

> There is the connector config
> <Connector port="443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="true" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                keystoreFile="F:\Apache Software Foundation\keystores\serverstore.jks"
>                keystorePass="changeit"
>                clientAuth="true"  sslProtocol="TLS"/>
> The keys and keystore were created using Keytool
> Client certificate client.cer was sent to the client machine which uses IE6 to connect
the tomcat server. IE6 imported the client certificate into IE6 under the Trusted Root Certification
> When the client IE6 connects to the tomcat web server, the Client Authentication Window
appeared without the client certificate. 
> Tomcat log gives following error:
> *** CertificateRequest
> Cert Types: RSA, DSS, 
> Cert Authorities:
> <, OU=IS, O=Plug Power, L=Latham, ST=New York, C=US>
> <CN=Client, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa-ken, C=JP>
> *** ServerHelloDone
> http-443-Processor25, WRITE: SSLv3 Handshake, length = 938
> http-443-Processor25, received EOFException: error
> http-443-Processor25, handling exception: Remote
host closed connection during handshake
> http-443-Processor25, SEND SSLv3 ALERT:  fatal, description = handshake_failure
> http-443-Processor25, WRITE: SSLv3 Alert, length = 2
> http-443-Processor25, called closeSocket()
> http-443-Processor25, called close()
> http-443-Processor25, called closeInternal(true)
> Has anyone know why does this error happen? I am suspecting that IE6 has a problem with
the imported client.cer file but I am not able to pinpoint it.
> Your help will be very much appreciated.
> Hong

You need to import the client cert as a user cert, not as a trusted 
root certificate.


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message