Posted to users@tomcat.apache.org by Twan Munster <t....@emaxx.nl> on 2003/10/15 12:05:52 UTC
solution problems with ssl client authentication
Hello,
Here's the solution for some major problems which I experienced getting client authentication to work. I'll post it to help people save time. It cost me more than a week to get it working and the solution is so simple it can be done in less than half an hour.
Problem 1: getting existing certificates in keystore
If you already have a CA, client and server certificate, this is what to do:
openssl pkcs12 -export -in servercert.crt -inkey mykey.key \
    -out servercert.p12 -name tomcat -CAfile myCA.crt \
    -caname root -chain
This is the only command that works, trust me, I've tried a lot too ;-)
Then set keystoreType="PKCS12" in the SSL connector in server.xml.
Problem 2: certificate is not trusted
On the net all sorts of solutions are given, but this is the only one I got working.
The only solution is adding manually with a program like keytool or keyman the CA certificate of the client to
JAVA_HOME\jre\lib\security\cacerts
Creating a truststore and adding
CATALINA_OPTS="-Djavax.net.ssl.trustStore=PATH_TO_TRUSTSTORE -Djavax.net.ssl.trustStorePassword=PASSWORD_FROM_TRUSTSTORE"
didn't work for me.
Hope it helps a lot of people,
Twan
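
A check for the export step in Problem 1, as an added example that is not part of the original post: it builds a throwaway CA and server certificate, runs the post's `openssl pkcs12 -export` command with and without the `-CAfile ... -chain` options, and counts the certificates inside the resulting servercert.p12. The helper name `p12_cert_count`, the `demo.cnf` file, the subject names and the password `changeit` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. The CA, keys and password are
# constructed throwaway values; file names mirror the ones in the post.
# p12_cert_count MODE  (hypothetical helper name)
#   MODE=chain   -> export with -CAfile/-caname/-chain, as in the post
#   MODE=nochain -> export the server certificate and key only
# Prints how many certificates ended up inside servercert.p12.
p12_cert_count() {
    mode=$1
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        pass=changeit   # constructed demo password
        # Minimal config so the demo CA is marked CA:TRUE on any OpenSSL build.
        printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
            'prompt=no' '[dn]' 'CN=Demo CA' '[v3_ca]' \
            'basicConstraints=critical,CA:TRUE' > demo.cnf
        # Throwaway CA standing in for myCA.crt.
        openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config demo.cnf \
            -keyout myCA.key -out myCA.crt 2>/dev/null || exit 1
        # Server key and CSR, then a server certificate signed by that CA.
        openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
            -subj "/CN=localhost" -keyout mykey.key -out server.csr 2>/dev/null || exit 1
        openssl x509 -req -in server.csr -CA myCA.crt -CAkey myCA.key \
            -CAcreateserial -days 1 -out servercert.crt 2>/dev/null || exit 1
        if [ "$mode" = chain ]; then
            chain_opts="-CAfile myCA.crt -caname root -chain"
        else
            chain_opts=""
        fi
        # $chain_opts is left unquoted on purpose so it splits into options.
        openssl pkcs12 -export -in servercert.crt -inkey mykey.key \
            -out servercert.p12 -name tomcat $chain_opts \
            -passout "pass:$pass" 2>/dev/null || exit 1
        # List the certificates (no keys) and count the PEM headers.
        openssl pkcs12 -in servercert.p12 -nokeys -passin "pass:$pass" 2>/dev/null \
            | grep -c 'BEGIN CERTIFICATE'
    )
    status=$?
    rm -rf "$work"
    return $status
}
```

`p12_cert_count chain` prints 2 (server certificate plus CA) and `p12_cert_count nochain` prints 1. On the Java side, `keytool -list -v -keystore servercert.p12 -storetype PKCS12` shows the same entry and its certificate chain length.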