From: "Andrew Friebel"
To: "'Tomcat Users List'"
Subject: Client Authentication
Date: Thu, 16 Nov 2006 16:03:53 +1100

Has anyone got SSL working with client authentication? If so, please help.

I have no issues with standard SSL.

Standard SSL:

    keytool -genkey -alias <alias> -keystore <keystore> -keyalg RSA

Answer all the questions.
Edit server.xml file.

I am then away and working with SSL for self-signed certificates. No issues here for me whatsoever.

Client authentication:

I am having absolutely no luck with client authentication. Is there a step-by-step guide to get this working for client authentication?

Currently I seem to believe that my client certificate needs to be in PKCS12 format. I do not know if this statement is true or false, and I do not know enough about openssl to ensure that I have a client certificate in this format.

Can I create my client keystore using keytool, then export the certificate, and somehow change the format type before I import it into the keystore on my server as a trusted certificate? Do I need to use openssl at all?

I can't even access a page using client authentication using a browser. When I use a browser, I accept the server certificate, and I get an exception, and the socket closes (before I select my client certificate). Why? I first need to get past this step.

Regards,
Andrew
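
Added example (not part of the original message and not Tomcat project code): the keytool-only workflow the message asks about, with the client key pair created directly in PKCS12, its certificate exported, and that certificate imported into a server-side truststore as a trusted entry. Aliases, file names, DNs, the password and the Connector paths are constructed placeholders; it assumes a JDK keytool that has `-genkeypair`, `-exportcert` and `-importcert` (Java 6 or later), and the Connector attribute names should be checked against the documentation of the Tomcat version in use.

```shell
#!/bin/sh
# Added example: key material for Tomcat client-certificate authentication.
# Aliases, file names, DNs and the password are constructed placeholders.
PASS=changeit

# kt <keytool args>: every store here is PKCS12 with one shared demo password.
kt() { keytool "$@" -storetype PKCS12 -storepass "$PASS" >/dev/null 2>&1; }

make_client_auth_material() {
    dir=$1
    # 1. Server key pair: the "standard SSL" keystore from the message.
    kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost" -keypass "$PASS" \
        -keystore "$dir/server.p12" || return 1
    # 2. Client key pair, created directly as PKCS12 so a browser can import it.
    kt -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Test Client" -keypass "$PASS" \
        -keystore "$dir/client.p12" || return 1
    # 3. Export only the client's public certificate (PEM); the key stays put.
    kt -exportcert -alias client -rfc -file "$dir/client.cer" \
        -keystore "$dir/client.p12" || return 1
    # 4. Import that certificate into a separate server-side truststore.
    kt -importcert -noprompt -alias client -file "$dir/client.cer" \
        -keystore "$dir/trust.p12" || return 1
}

# entry_type <store> <alias>: prints PrivateKeyEntry or trustedCertEntry.
entry_type() {
    keytool -list -alias "$2" -keystore "$1" -storetype PKCS12 \
        -storepass "$PASS" 2>/dev/null |
        grep -oE 'PrivateKeyEntry|trustedCertEntry'
}

# server.xml Connector attributes that use these files (assumed paths):
#   clientAuth="true"
#   keystoreFile="conf/server.p12"  keystorePass="changeit"  keystoreType="PKCS12"
#   truststoreFile="conf/trust.p12" truststorePass="changeit" truststoreType="PKCS12"

if [ "${1:-}" = "--run" ]; then
    make_client_auth_material "${2:-.}" && entry_type "${2:-.}/trust.p12" client
fi
```

The browser imports `client.p12`; the server only ever receives `client.cer`, so the client's private key never leaves the client side.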