tomcat-users mailing list archives

From "Marcello Marangio" <m.maran...@innova.puglia.it>
Subject R: clent authentication using a smard card
Date Tue, 20 Oct 2009 11:43:43 GMT


> -----Original Message-----
> From: Jason Pyeron [mailto:jpyeron@pdinc.us]
> Sent: Tuesday, 20 October 2009 13.03
> To: 'Tomcat Users List'
> Subject: RE: clent authentication using a smard card
> 
> > -----Original Message-----
> > From: Marcello Marangio [mailto:m.marangio@innova.puglia.it]
> > > From: Jason Pyeron [mailto:jpyeron@pdinc.us]
> > > > From: Marcello Marangio [mailto:m.marangio@innova.puglia.it]
> > > > > From: Jason Pyeron [mailto:jpyeron@pdinc.us]
> > > >
> > > > Ok.
> > > > I made the same thing with IE and in the debug it says "null cert
> > > > chain"
> > > > during the client authentication handshake.
> > > > Now I am confused...
> > > >
> > >
> > > Let's step back and look.
> > >
> > > Can you provide the smart card and server certificate chain
> > (no keys
> > > please)?
> >
> > Hang on a second...
> > The server certificate is a self-signed certificate I made
> > with keytool.
> > The smart card certificate, instead, is a real one, I use to
> > legally sign electronic documents; the issuer is an Italian CA.
> >
> > Do you expect the issuer of the smart card certificate to be
> > the same as the server one?
> 
> Not always.
> 
> Let's take for example:
> 
> 
> https://mail.pdinc.us <-PD Inc Public CA<-PD Inc Root CA
> 
>  and
> 
> MySmartCard <- DOD EMAIL CA-15 <- DoD Root CA-2
> 
> The smime cert used on this email
> 
> I can use my smart card to auth against the server. But the server must
> know
> about DoD Root CA-2.
> 


Ok. In my case:


https://localhost <- self signed certificate
and
Mysmartcard <- my certificate <- infocamere root CA

And in my trusted certificates keystore there is infocamere root CA.

Please find in attachment a signed text file you can read my cert info from.

Thanks
Marcello
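
The trust relationship discussed in this thread can be checked outside the TLS handshake. The following is an added example, not code from the thread or from Tomcat: it lists the CA certificates in a truststore and tries to build a PKIX path from an exported client certificate to one of them. The class name and argument order are assumptions, and revocation checking is switched off.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added diagnostic, not from the thread. Hypothetical usage:
//   java ClientCertTrustCheck <truststore> <password> <client-cert> [intermediate-certs...]
public class ClientCertTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: ClientCertTrustCheck <truststore> <password> <client-cert> [intermediates...]");
            System.exit(2);
        }
        // Load the same keystore file the connector uses as its truststore.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        // Only trustedCertEntry aliases act as trust anchors.
        for (String alias : Collections.list(trust.aliases())) {
            if (trust.isCertificateEntry(alias)) {
                X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
                System.out.println("trust anchor [" + alias + "]: " + ca.getSubjectX500Principal());
            }
        }
        // Read the card certificate (first file) plus optional intermediates (PEM or DER).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Certificate> presented = new ArrayList<>();
        for (int i = 2; i < args.length; i++) {
            try (InputStream in = new FileInputStream(args[i])) {
                presented.addAll(cf.generateCertificates(in));
            }
        }
        if (presented.isEmpty()) {
            System.err.println("no certificate found in " + args[2]);
            System.exit(2);
        }
        X509Certificate leaf = (X509Certificate) presented.get(0);
        System.out.println("client cert issuer: " + leaf.getIssuerX500Principal());
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(leaf);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, target);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(presented)));
        params.setRevocationEnabled(false); // assumption: CRL/OCSP checking left out of this check
        try {
            PKIXCertPathBuilderResult result =
                (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("OK: chains to " + result.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathBuilderException e) {
            System.out.println("NOT TRUSTED by this keystore: " + e.getMessage());
        }
    }
}
```

A NOT TRUSTED result means no path from the card certificate to any listed anchor could be built, for example because an issuing CA is missing from the keystore or a certificate in the chain has expired.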
