tomcat-users mailing list archives

From Pid <...@pidster.com>
Subject Re: Client authentication problems
Date Tue, 12 Jan 2010 17:30:28 GMT
On 12/01/2010 16:32, John Watson wrote:
> Dear tomcat users,
>
>
>
> I run tomcat 6.0.18 under java 6 and am attempting to set up client
> authentication via SSL.  I have followed the instructions here:
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html, with Tomcat
> using the default SSL implementation. We act as our own CA, so I have
> set up java keystores at both server and client, each of which has the
> same CA certificate, but a distinct actual certificate. I am attempting
> to test using HttpClient as described here:
> http://hc.apache.org/httpclient-3.x/sslguide.html and am using
> AuthSSLProtocolSocketFactory.
>
>
>
> The client gets hold of the server certificates OK but then the test
> fails with the error :
>
>
>
> Fatal transport error: Received fatal alert: certificate_unknown
>
> javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
>          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source).....
>
>
>
> I see no sign of any logging of the SSL handshake at the server side.

Which side is seeing the error?  The client or the server?


p


> If I switch off client authentication (in server.xml) at the server,
> everything's fine.  Similarly, if I actually use the keystore that
> contains the server certs at the client side, all's OK too.
>
>
>
> I'd appreciate any help you can give - particularly if you can help me
> log the SSL handshake at the server to try to figure out what's
> happening.
>
>
>
> Cheers
>
>
>
> John Watson

