Date: Mon, 2 Apr 2007 09:30:39 +0200
From: "Luis Villa"
To: "Tomcat Users List"
Subject: Re: Problems with clientAuth

Hello Martin,

Well, at least you are lucky Internet Explorer asks for the certificate; this is what it's supposed to do when using clientAuth="true". What is happening to me is that all works well with clientAuth="false"; when changing it to clientAuth="true", Firefox throws this error and IExplorer just can't "find" the page.

About secure="true", I'm not sure what it does, I copied it from the Tomcat 5.5 SSL Howto :S

I must confess I have no clue on how to make this work.

2007/3/30, Martin Cavanagh:
>
> Hi Luis.
>
> I'm pretty sure I'm having exactly the same problem as you - maybe we
> can solve it together :)
>
> When I enable client authentication in my config clientAuth="true" for
> you, since you're using the Java KeyStore (I'm trying to use OpenSSL),
>
> I get exactly the same error in Firefox!
> (except in German ;) )
>
> In Internet Explorer I get a message that the server requires a
> certificate and I need to provide one and that I should select one (I
> don't have any installed in Internet Explorer).
>
> Are you sure that you don't have Client Authentication turned on?
>
> What does the setting secure="true" actually do?
>
> Good luck - let me know how you go.
>
> Martin
>
> Luis Villa wrote:
> > Hello all,
> >
> > I'm a newbie on the list, so first of all I'd like to say hello to
> > everyone :)
> >
> > After this, I'd like to ask for help with a problem I have configuring
> > Tomcat for digital certifications. I've followed all the steps in the
> > Tomcat SSL HOWTO and my Tomcat now has a secure connector in port 8443.
> > So, I've no error when trying to enter http://localhost:8443
> >
> > The key in server.xml is the following:
> >
> > <Connector port="8443"
> >     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >     enableLookups="false" disableUploadTimeout="true"
> >     acceptCount="100" scheme="https" secure="true"
> >     clientAuth="false" sslProtocol="TLS" keystoreFile="conf\.keystore"
> >     keystorePass="changeit"/>
> >
> > The problem appears when changing clientAuth to true. Then, when using
> > iexplorer the browser simply can't find the page (or this is what it
> > says), and when using Firefox it warns about the certificate, but after
> > accepting the certification it says that 'localhost has received an
> > unexpected or incorrect message. Error code: -12229'. I've been googling
> > for two days and I can't find a clue about what is failing nor what this
> > error code means.
> >
> > I'd be very grateful if somebody can help me with this, so my boss could
> > stop cleaning this gun of his... :P
> >
> > Thanks in advance for your help :)
> >
> > Greetings!
>
> --
> Con-Sense-GmbH
>
> Martin Cavanagh
>
> Tel.: +49541 800 83 0
> Fax: +49541 800 83 99
>
> cavanagh@con-sense-group.com
>
> Con-Sense GmbH
> Neuer Graben 25
> 49074 Osnabrück
> www.con-sense-group.com
>
> Managing Director: Eckhard Schulz
> Amtsgericht Hildesheim HRB 3341