Posted to users@tomcat.apache.org by Twan Munster <t....@emaxx.nl> on 2003/10/15 12:05:52 UTC

solution problems with ssl client authentication

Hello,

Here's the solution for some major problems which I experienced getting client authentication to work. I'll post it to help people save time. It cost me more than a week to get it working, and the solution is so simple it can be done in less than half an hour.

Problem 1: getting existing certificates into the keystore
If you already have a CA, client and server certificate, this is what to do:

openssl pkcs12 -export -in servercert.crt -inkey mykey.key \
                        -out servercert.p12 -name tomcat -CAfile myCA.crt \
                        -caname root -chain

This is the only command that works, trust me, I've tried a lot too ;-)

Then set keystoreType="PKCS12" on the SSL connector in server.xml.

Problem 2: certificate is not trusted

On the net all sorts of solutions are given, but this is the only one I got working.
The only solution is adding the CA certificate of the client manually, with a program like keytool or keyman, to
JAVA_HOME\jre\lib\security\cacerts

Creating a truststore and adding
CATALINA_OPTS="-Djavax.net.ssl.trustStore=PATH_TO_TRUSTSTORE
-Djavax.net.ssl.trustStorePassword=PASSWORD_FROM_TRUSTSTORE"
didn't work for me.

Hope it helps a lot of people,

Twan
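Added example (not part of Twan's post): a script that builds a throwaway CA and server certificate, packages them with the exact pkcs12 command from Problem 1, and checks that the keystore really carries the CA in the chain; a second function keeps the client CA in a dedicated truststore instead of the JVM-wide cacerts file. It assumes openssl (and, for the second function, keytool) on the PATH; all file and subject names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: self-signed CA -> CA-signed server cert -> PKCS12 keystore
# built with the command from the post. Returns the number of certificates
# found in the keystore (2 = server cert plus CA, i.e. -chain worked).
set -eu

build_pkcs12_keystore() {
  dir=$(mktemp -d)
  (
    cd "$dir"
    # Throwaway CA (hypothetical subject, demo only).
    openssl req -x509 -newkey rsa:2048 -nodes -keyout myCA.key -out myCA.crt \
        -subj "/CN=Demo Root CA" -days 365 2>/dev/null
    # Server key and CSR, then sign it with the demo CA.
    openssl req -newkey rsa:2048 -nodes -keyout mykey.key -out server.csr \
        -subj "/CN=tomcat.example.test" 2>/dev/null
    openssl x509 -req -in server.csr -CA myCA.crt -CAkey myCA.key \
        -CAcreateserial -out servercert.crt -days 365 2>/dev/null
    # The command from the post, plus a non-interactive export password.
    # On OpenSSL 3 with an old JDK you may also need -legacy so Java can
    # read the PBE algorithms (assumption based on OpenSSL 3 defaults).
    openssl pkcs12 -export -in servercert.crt -inkey mykey.key \
        -out servercert.p12 -name tomcat -CAfile myCA.crt \
        -caname root -chain -passout pass:changeit
    # Dump the certificate bags and count them; the post's server.xml then
    # points keystoreFile at servercert.p12 with keystoreType="PKCS12".
    openssl pkcs12 -in servercert.p12 -passin pass:changeit -nokeys \
        2>/dev/null | grep -c 'BEGIN CERTIFICATE'
  )
  rm -rf "$dir"
}

# Put the client CA in its own truststore ($1 = client CA PEM, $2 = output
# file). Importing into JAVA_HOME/jre/lib/security/cacerts, as the post does,
# makes that CA trusted by every TLS connection the JVM makes, so a dedicated
# file limits the blast radius if the client CA is ever compromised.
make_client_truststore() {
  keytool -import -noprompt -trustcacerts -alias clientca -file "$1" \
      -keystore "$2" -storepass changeit
}
```

The dedicated truststore is then handed to Tomcat with the -Djavax.net.ssl.trustStore properties shown above (or the connector's truststore attributes on Tomcat versions that have them).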