tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Cavanagh <cavan...@con-sense-group.com>
Subject Re: Problems with clientAuth
Date Mon, 16 Apr 2007 13:12:56 GMT
do you want to excannge conf.xml files?  I'll happily try yours on my 
computer........

I've had success running both OpenSSL & JavaKeystore.....

I'm running OpenSSL now, because it is supposedly considerably faster.  
I'm not quite sure how to check though.....

One question though.

I have the SSLCACerticateFile property set.  Awesome.  It works.  
Anything coming from that CA is okay, everything else isn't.

How do I do this on a per Client basis?

Thanks

Martin

Luis Villa wrote:
> Hello all !
>
> Someone can throw a little light in this problem?
>
> I am not able to solve it, and I've tried anything I've found 
> searching in
> google :S
>
> Thank all!
>
> 2007/4/2, Luis Villa <lvillap@gmail.com>:
>>
>> Ok, now I'm getting mad :S
>>
>> IExplorer keeps saying the page can't be found (it doesn't ask for the
>> certificate), and Firefox throws a -12271 error (I don't know if that is
>> close enought to the error you said, Antoine. Anyway, nothing has 
>> changed
>> since the last 12229 error (I left the computer off in the weekend 
>> because
>> it's in my workplace).
>>
>> Martin, the behavior of Tomcat in your case (I think) is correct. You 
>> put
>> clientAuth="true", so you are forcing the client to send the 
>> certificate to
>> allow connection. You should install a certificate in IExplorer and 
>> Firefox.
>>
>>
>> Thank you, Antoine and Martin :)
>>
>>
>> 2007/4/2, Mirou, Antoine <antoine.mirou@caissedesdepots.fr>:
>> >
>> > > The problem appears when changing clientAuth to true. Then, when 
>> using
>> > > iexplorer the browser simply can't find the page (or this is what it
>> > > says),
>> > > and when using firefox it warns about the certificate, but after
>> > accepting
>> > > the certification it says that 'localhost has received an unexpected
>> > or
>> > > incorrect message. Error code: -12229'. I've been googling for two
>> > days
>> > > and
>> > > I can't find a clue about what is failing nor what means this error
>> > code.
>> >
>> > I guess it's a "-12227" error, and not 12229. This error appears when
>> > Firefox doesn't have any client certificate to give to the server.
>> > You should install a client certificate issued by the same CA on your
>> > browser.
>> >
>> > Regards,
>> > Antoine
>> >
>> >
>> > Afin de preserver l'environnement, merci de n'imprimer ce courriel 
>> qu'en
>> > cas de necessite.
>> >
>> > Please consider the environment before printing this mail.
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To start a new topic, e-mail: users@tomcat.apache.org
>> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> > For additional commands, e-mail: users-help@tomcat.apache.org
>> >
>> >
>>
>


-- 
Con-Sense-GmbH
__
_Martin Cavanagh_

Tel.: +49541 800 83 0
Fax: +49541 800 83 99

cavanagh@con-sense-group.com <mailto:kleinewolter@con-sense-group.com>

Con-Sense GmbH
Neuer Graben 25
49074 Osnabrück
www.con-sense-group.com <http://www.con-sense-group.com>

Geschäftsführer Eckhard Schulz
Amtsgericht Hildesheim HRB 3341

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message