tomcat-users mailing list archives

From "Jason Pyeron" <jpye...@pdinc.us>
Subject RE: client authentication using a smart card
Date Tue, 20 Oct 2009 11:02:53 GMT
> -----Original Message-----
> From: Marcello Marangio [mailto:m.marangio@innova.puglia.it] 
> > Da: Jason Pyeron [mailto:jpyeron@pdinc.us]
> > > From: Marcello Marangio [mailto:m.marangio@innova.puglia.it]
> > > > Da: Jason Pyeron [mailto:jpyeron@pdinc.us]
> > >
> > > Ok.
> > > I made the same thing with IE and in the debug it says "null cert 
> > > chain"
> > > during the client authentication handshake.
> > > Now I am confused...
> > >
> > 
> > Let's step back and look.
> > 
> > Can you provide the smart card and server certificate chain (no keys
> > please)?
> 
> Hang on a second...
> The server certificate is a self-signed certificate I made
> with keytool.
> The smart card certificate, instead, is a real one that I use to
> legally sign electronic documents; the issuer is an Italian CA.
> 
> Do you expect the issuer of the smart card certificate to be 
> the same as the server one?

Not always.

Let's take, for example:


https://mail.pdinc.us <-PD Inc Public CA<-PD Inc Root CA

 and 

MySmartCard <- DOD EMAIL CA-15 <- DoD Root CA-2

The smime cert used on this email

I can use my smart card to auth against the server. But the server must know
about DoD Root CA-2.

> 
> How can I print out the certificate chain?
> Thanks again
> M



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
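
The point made in this message, as an added example that is not part of the original thread: the client chain does not need the server's issuer, but its root must be in the set of roots the server trusts. The script prints each certificate's subject and issuer, then validates the card chain before and after the card's root is added. Assumptions: `openssl` is used with a PEM file standing in for the server's trust store, and every name (`server-root`, `card-root`, `card-issuing-ca`, `smartcard-user`) is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is generated locally.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# mkcert NAME ISSUER CA_FLAG: issue NAME's cert; NAME = ISSUER means self-signed
mkcert() {
  printf 'basicConstraints=critical,CA:%s\n' "$3" > "$work/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  if [ "$1" = "$2" ]; then sign="-signkey $work/$1.key"
  else sign="-CA $work/$2.pem -CAkey $work/$2.key -CAcreateserial"; fi
  openssl x509 -req -in "$work/$1.csr" $sign -days 30 \
    -extfile "$work/$1.ext" -out "$work/$1.pem" 2>/dev/null
}

# print_chain CERT...: subject and issuer of each certificate, leaf first
print_chain() {
  for c in "$@"; do
    openssl x509 -in "$work/$c.pem" -noout -subject -issuer
  done
}

# card_trusted_by ROOTS_PEM: can these trusted roots validate the card's chain?
card_trusted_by() {
  openssl verify -CAfile "$1" -untrusted "$work/card-issuing-ca.pem" \
    "$work/smartcard-user.pem" >/dev/null 2>&1
}

mkcert server-root server-root TRUE        # stands in for the self-signed server cert
mkcert card-root card-root TRUE            # root of the smart card's PKI
mkcert card-issuing-ca card-root TRUE      # intermediate that issued the card
mkcert smartcard-user card-issuing-ca FALSE

print_chain smartcard-user card-issuing-ca card-root

# Trust store holding only the server's own root: the card chain is rejected.
cp "$work/server-root.pem" "$work/trusted.pem"
card_trusted_by "$work/trusted.pem" && echo "before: accepted" || echo "before: rejected"

# Add the card's root (not the server's) and the same chain validates.
cat "$work/card-root.pem" >> "$work/trusted.pem"
card_trusted_by "$work/trusted.pem" && echo "after: accepted" || echo "after: rejected"
```

For a Java keystore, `keytool -list -v -keystore <truststore>` prints the same subject and issuer fields for each entry.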
