Posted to users@tomcat.apache.org by "Gaussmann, Horst" <Ho...@db-ig.com> on 2001/10/16 08:28:05 UTC
CLIENT_CERT and Tomcat 3.2.3
Hello!
I want to use client authentication based on a client certificate.
I've read several documents about that, i.e. Tomcat and SSL, JSSE ...
After that I've done the following:
Changed server.xml to get SSL support:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
  <Parameter name="handler"
             value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
  <Parameter name="port" value="8443"/>
  <Parameter name="socketFactory"
             value="org.apache.tomcat.net.SSLSocketFactory" />
  <Parameter name="keystore" value="c:\tomcat\conf\.keystore" />
  <Parameter name="keypass" value="changeit" />
  <Parameter name="clientAuth" value="true" />
</Connector>
so that I could connect to the right port.
Then I made a webapp with some protected resources.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected area</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomcat</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>GIM Protected</realm-name>
</login-config>
The problem is I always get the HTTP error code 401. I don't know what to do
to get it to work....
I've set up debugging for SSL and I wondered why Tomcat reads the
%java_home%\jre\lib\security\cacerts file when clientAuth="false" and not
when this flag is "true". Also my browser didn't prompt me to select the
client cert.
I'm confused about the mechanism of client certification.
Thanks for light
Horst