Xia, Hong wrote:
> Hello,
>
> I am trying to set up Tomcat5 (as standalone web server) with https mutual authentication.
> Here is the connector config:
> <Connector port="443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="true" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> keystoreFile="F:\Apache Software Foundation\keystores\serverstore.jks"
> keystorePass="changeit"
> clientAuth="true" sslProtocol="TLS"/>
>
> The keys and keystore were created using Keytool
>
> Client certificate client.cer was sent to the client machine which uses IE6 to connect to
> the tomcat server. IE6 imported the client certificate into IE6 under the Trusted Root
> Certification Authorities.
>
> When the client IE6 connects to the tomcat web server, the Client Authentication Window
> appeared without the client certificate.
> Tomcat log gives following error:
>
> *** CertificateRequest
> Cert Types: RSA, DSS,
> Cert Authorities:
> <CN=ppwchongdev.plugpower.com, OU=IS, O=Plug Power, L=Latham, ST=New York, C=US>
> <CN=Client, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa-ken, C=JP>
> *** ServerHelloDone
> http-443-Processor25, WRITE: SSLv3 Handshake, length = 938
> http-443-Processor25, received EOFException: error
> http-443-Processor25, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> http-443-Processor25, SEND SSLv3 ALERT: fatal, description = handshake_failure
> http-443-Processor25, WRITE: SSLv3 Alert, length = 2
> http-443-Processor25, called closeSocket()
> http-443-Processor25, called close()
> http-443-Processor25, called closeInternal(true)
>
>
> Does anyone know why this error happens? I am suspecting that IE6 has a problem with
> the imported client.cer file but I am not able to pinpoint it.
>
> Your help will be very much appreciated.
>
> Hong
You need to import the client cert as a user cert, not as a trusted
root certificate.
Mark
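
The CertificateRequest block in the quoted log lists the issuer names Tomcat advertises as acceptable for a client certificate. As an added example (not part of the thread), this Python helper extracts that list from SSL debug output in the format shown above and checks a given issuer DN against it; the function names are hypothetical and the DN parsing assumes no escaped commas.

```python
import re

# CertificateRequest excerpt in the format of the quoted Tomcat SSL debug log.
SAMPLE_LOG = """\
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ppwchongdev.plugpower.com, OU=IS, O=Plug Power, L=Latham, ST=New York, C=US>
<CN=Client, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa-ken, C=JP>
*** ServerHelloDone
http-443-Processor25, WRITE: SSLv3 Handshake, length = 938
"""

def normalize_dn(dn):
    """Canonical form for comparison: ordered (TYPE, value) pairs, case-folded.
    Simplification (assumption): no escaped commas inside attribute values."""
    pairs = []
    for rdn in dn.strip().strip("<>").split(","):
        if "=" not in rdn:
            raise ValueError("not an RDN: %r" % rdn)
        key, value = rdn.split("=", 1)
        pairs.append((key.strip().upper(), " ".join(value.split()).lower()))
    return tuple(pairs)

def requested_authorities(log_text):
    """Return the DNs listed under 'Cert Authorities:' in CertificateRequest blocks."""
    authorities, in_request, in_list = [], False, False
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted log lines
        if line.startswith("***"):
            # Every '***' line starts a new handshake message in the debug output.
            in_request = line.startswith("*** CertificateRequest")
            in_list = False
        elif in_request and line.startswith("Cert Authorities:"):
            in_list = True
        elif in_list:
            match = re.fullmatch(r"<(.+)>", line)
            if match:
                authorities.append(match.group(1))
            else:
                in_list = False
    return authorities

def server_would_accept(log_text, issuer_dn):
    """True if issuer_dn matches one of the authorities the server advertised."""
    wanted = normalize_dn(issuer_dn)
    return any(normalize_dn(a) == wanted for a in requested_authorities(log_text))
```

If the issuer of the client certificate is in this list, the server side of the trust setup is in place and the remaining question is whether the browser holds that certificate, with its private key, as a user certificate.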