tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harish S K <>
Subject RE: SSL client auth
Date Fri, 27 Jan 2012 02:40:51 GMT
Actually, the server is IBM WAS and the client is running in Tomcat which runs on JRE6, I assume
it uses JSSE libraries from jre6. I never faced this problem if the same client program runs
on IBM WAS which uses IBM's java runtime and SSL handlers. So it could be a JRE problem rather
than Tomcat's, in fact subsequent to my last post, I got the same situation by porting the
client program to a plain java application. I know for sure which cacerts is being used and
listing cacerts shows the required cert.  I will try in JSSE forums too.

-----Original Message-----
From: Pid [] 
Sent: Friday, January 27, 2012 4:20 AM
To: Tomcat Users List
Subject: Re: SSL client auth

On 26/01/2012 17:37, Harish S K wrote:
> I am trying to open a https URL on IBM webshpere where ClientAuth is enabled.
> In response I was getting HTTP 403 whereas the URL can be accessed through http. On debugging
further, it looks like the client is not sending the client certificate in response to server's
request. In some forum somebody from Tomcat has said it is not a Tomcat issue as it is upto
the client application to handle. However as the client app uses the SSL handlers etc from
tomcat runtime I was wondering if anyone can help. See the below excerpts from verbose output
certificate chain found by client is empty. I am sure the keystore loaded is correct....


So you've imported a Tomcat jar as a dependency, into your IBM WebSphere application then?
 Which jar have you imported?


> =====================================
> adding as trusted cert:
>   Subject:, OU=myorg, O=myorg, L=NJ, ST=NJ, C=US
>   Issuer:, OU=myorg, O=myorg, L=NJ, ST=NJ, C=US
>   Algorithm: RSA; Serial number: 0x4f1e5842
>   Valid from Tue Jan 24 02:05:38 EST 2012 until Fri Jan 18 02:05:38 
> EST 2013
> .
> .
> .
> *** CertificateRequest
> Cert Types: RSA
> Cert Authorities:
> <, OU=myorg, O=myorg, L=NJ, ST=NJ, C=US>
> *** ServerHelloDone
> *** Certificate chain
> ***
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> =====================================
> Thanks
> Harish.
> ________________________________



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message