tomcat-users mailing list archives

From Hector Adolfo Alonso <alo...@consist.com.ar>
Subject Re: SSL mutual communication problem with Tomcat5 --- Remote host closed connection during handshake
Date Tue, 13 Sep 2005 19:35:07 GMT
Hi Xia:
    I think you cannot use a self-signed certificate (as keytool 
generates) for mutual authentication.
The user certificate's certificate authority signer should be the same one that 
signs the server certificate. In this case,
the server certificate is self-signed. On the other hand, who signs the 
client certificate? Is it self-signed too?
In this case, there is a problem, because both of them are self-signed 
--> both of them are signed by
different CAs --> there is a handshake failure.
   IMHO, Tomcat's cert should be signed by a true CA ... then the browser 
should recognize the CA's cert.
   I'm sure there is a more technical and deep explanation, but I hope 
this helps.

Hector./
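[Added example, not code from this thread, from Tomcat or from the JSSE: a Go program using only the standard library that runs both setups Hector describes through a real TLS handshake over loopback TCP. The server requires a client certificate (Tomcat's clientAuth="true") and verifies it against one trusted certificate (the truststore); the client trusts the server certificate directly, as a browser does once its self-signed Tomcat certificate has been imported. The subject names tomcat.example.test, Client and "Example Test CA" are constructed test identities. With two self-signed certificates the handshake is refused; with one CA issuing both it succeeds.]

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue mints a constructed test certificate for cn. With issuer nil it is self-signed, which is
// what a bare "keytool -genkey" produces; otherwise issuer, which must be a CA, signs it.
func issue(cn string, isCA bool, issuer *tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		DNSNames:              []string{"localhost"},
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if issuer == nil {
		issuer = &tls.Certificate{Leaf: tmpl, PrivateKey: key} // self-signed: sign with our own key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer.Leaf, &key.PublicKey, issuer.PrivateKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// mutualHandshake runs one TLS handshake over loopback TCP. The server requires a client
// certificate and verifies it against trustedCA (Tomcat with clientAuth="true" and its
// truststore); the client trusts the server certificate directly. Returns the server's verdict.
func mutualHandshake(server, client tls.Certificate, trustedCA *x509.Certificate) error {
	clientCAs, serverRoots := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(trustedCA)
	serverRoots.AddCert(server.Leaf)
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	cRaw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	sRaw, err := ln.Accept()
	if err != nil {
		return err
	}
	cRaw.SetDeadline(time.Now().Add(5 * time.Second))
	sRaw.SetDeadline(time.Now().Add(5 * time.Second))
	verdict := make(chan error, 1)
	go func() {
		conn := tls.Server(sRaw, &tls.Config{
			Certificates: []tls.Certificate{server},
			ClientAuth:   tls.RequireAndVerifyClientCert, // clientAuth="true"
			ClientCAs:    clientCAs,                      // the truststore; its subjects go into CertificateRequest
		})
		err := conn.Handshake()
		conn.Close()
		verdict <- err
	}()
	conn := tls.Client(cRaw, &tls.Config{Certificates: []tls.Certificate{client}, RootCAs: serverRoots, ServerName: "localhost"})
	defer conn.Close()
	conn.Handshake() // under TLS 1.3 the client finishes before the server has judged its certificate,
	return <-verdict // so keep the socket open and report what the server decided
}

// bothSelfSigned reproduces the setup in the question: server and client each self-signed, so the
// only "CA" the server can advertise is its own certificate, which issued nothing.
func bothSelfSigned() error {
	server, client := issue("tomcat.example.test", false, nil), issue("Client", false, nil)
	return mutualHandshake(server, client, server.Leaf)
}

// commonCA follows Hector's advice: one CA issues both certificates and the server trusts it.
func commonCA() error {
	ca := issue("Example Test CA", true, nil)
	server, client := issue("tomcat.example.test", false, &ca), issue("Client", false, &ca)
	return mutualHandshake(server, client, ca.Leaf)
}
```

The server's CertificateRequest carries the subjects of the certificates in its truststore (the `Cert Authorities:` lines in the quoted debug output are that list). When none of the client's certificates was issued by a name on that list, Go's client sends no certificate at all and the server refuses the handshake; a browser with no matching certificate is in the same position, which is why the server side ends with handshake_failure. Once both certificates chain to a CA the server trusts, bothSelfSigned() returns an error and commonCA() returns nil.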


Xia, Hong wrote:

>Hello,
>
>I am trying to set up Tomcat5 (as a standalone web server) with https mutual authentication.
>
>Here is the connector config
><Connector port="443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="true" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>               keystoreFile="F:\Apache Software Foundation\keystores\serverstore.jks"
>               keystorePass="changeit"
>               clientAuth="true"  sslProtocol="TLS"/>
>
>The keys and keystore were created using Keytool
>
>Client certificate client.cer was sent to the client machine, which uses IE6 to connect
>to the tomcat server. IE6 imported the client certificate into IE6 under the Trusted Root Certification
>Authorities.
>
>When the client IE6 connects to the tomcat web server, the Client Authentication Window
>appeared without the client certificate.
>Tomcat log gives following error:
>
>*** CertificateRequest
>Cert Types: RSA, DSS, 
>Cert Authorities:
><CN=ppwchongdev.plugpower.com, OU=IS, O=Plug Power, L=Latham, ST=New York, C=US>
><CN=Client, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa-ken, C=JP>
>*** ServerHelloDone
>http-443-Processor25, WRITE: SSLv3 Handshake, length = 938
>http-443-Processor25, received EOFException: error
>http-443-Processor25, handling exception: javax.net.ssl.SSLHandshakeException: Remote
>host closed connection during handshake
>http-443-Processor25, SEND SSLv3 ALERT:  fatal, description = handshake_failure
>http-443-Processor25, WRITE: SSLv3 Alert, length = 2
>http-443-Processor25, called closeSocket()
>http-443-Processor25, called close()
>http-443-Processor25, called closeInternal(true)
>
>
>Does anyone know why this error happens? I am suspecting that IE6 has a problem with
>the imported client.cer file but I am not able to pinpoint it.
>
>Your help will be very much appreciated.
>
>Hong
