Posted to users@tomcat.apache.org by aravidu <ar...@yahoo.com> on 2010/08/19 23:14:57 UTC
Re: Tomcat 5.5 Trust Stores and Client Authentication
Did you finally figure out how to fix this issue? I am having the same issue
today.
Can you please help, if you happen to look at this? The only change is I am
using Tomcat 6.0.
Thanks much.
-A
Ron Perkins-2 wrote:
>
> Hi All,
>
> I have done the following to create a Trust Store for Tomcat to use:
>
> Created a keystore with new certificate:
>
> keytool -genkey -alias mycert -keyalg RSA -keypass changeit -keystore
> keystore.jks -storepass changeit
>
> Exported certificate:
>
> keytool -export -alias mycert -file mycert.cer -keystore keystore.jks
> -storepass changeit
>
> Imported certificate into trust store:
>
> keytool -import -v -trustcacerts -alias mycert -keypass changeit -file
> mycert.cer -keystore cacerts.jks -storepass changeit
>
> Added the following Connector into server.xml to allow Client
> Authentication:
>
> <Connector
> port="443"
> scheme="https"
> secure="true"
> keystoreFile="C:/keystore.jks"
> keystorePass="changeit"
> keystoreType="JKS"
> keyAlias="mykey"
> truststoreFile="C:/cacerts.jks"
> truststorePass="changeit"
> truststoreType="JKS"
> sslProtocol="TLS"
> maxSpareThreads="75"
> maxThreads="350"
> uRIEncoding="UTF-8"
> minSpareThreads="25"
> clientAuth="true">
> </Connector>
>
> After starting Tomcat up, using netstat I can see that port 443 is
> listening...
>
> When using IE to test the connection to the https default page I get
> IE's no communication web page displayed. If I use Firefox this gives
> me the following error: SSL peer cannot verify your certificate (Error
> code: ssl_error_bad_cert_alert)
>
> I was expecting a message to say that the client needs a client
> certificate? I then installed the client certificate mycert.cer into
> the client browsers, but it has no effect and I still receive the same
> error messages.
>
> To check that I have SSL correctly installed, if I change
> clientAuth="true" to clientAuth="false" then the default Tomcat webpage is
> displayed within the browsers.
>
> What have I done wrong? I am thinking that it is the way that I have
> created the Trust store that is the problem?
>
> Thanks for any help in advance...
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Tomcat-5.5-Trust-Stores-and-Client-Authentication-tp23132214p29486541.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Re: Tomcat 5.5 Trust Stores and Client Authentication
Posted by Hans Wahn <ha...@googlemail.com>.
>> I then installed the client certificate mycert.cer into
>> the client browsers, but it has no effect and I still receive the same
>> error messages.
Is Firefox able to authenticate itself via a client certificate
against a server? Maybe you just installed it in the truststore of
trusted servers?
- just a thought -
cheers
Hans
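An added example, not part of the thread and not Tomcat project code: TLS client authentication needs the browser to hold the private key for a certificate the server trusts, and an exported .cer file carries only the certificate. The script below builds a client PKCS#12 store for the browser and a trust store for the Connector, then reports the entry type in each; the file names, the alias "client", the DN and the password are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). File names, the alias "client",
# the DN and the password "changeit" are illustrative assumptions.
PASS=changeit

# Builds the two stores client authentication needs inside directory $1:
#   client.p12  - client certificate AND private key, for browser import
#   cacerts.jks - client certificate only, for the Connector truststoreFile
make_client_auth_stores() {
    dir=$1
    # 1. Client key pair in its own PKCS#12 store (private key stays here).
    keytool -genkeypair -alias client -keyalg RSA -keysize 2048 \
        -dname "CN=Test Client" -validity 365 \
        -storetype PKCS12 -keystore "$dir/client.p12" \
        -storepass "$PASS" -keypass "$PASS" || return 1
    # 2. Export the certificate alone (no private key leaves the store).
    keytool -exportcert -alias client -file "$dir/client.cer" \
        -storetype PKCS12 -keystore "$dir/client.p12" \
        -storepass "$PASS" || return 1
    # 3. Import that certificate into the server-side trust store.
    keytool -importcert -noprompt -alias client -file "$dir/client.cer" \
        -storetype JKS -keystore "$dir/cacerts.jks" \
        -storepass "$PASS" || return 1
}

# Prints the entry type keytool reports for an alias.
# Arguments: store file, store type, alias.
entry_type() {
    out=$(keytool -J-Duser.language=en -list -keystore "$1" \
        -storetype "$2" -storepass "$PASS" -alias "$3" 2>/dev/null) || return 1
    case $out in
        *PrivateKeyEntry*)  echo PrivateKeyEntry ;;   # usable to authenticate
        *trustedCertEntry*) echo trustedCertEntry ;;  # usable only to verify
        *)                  echo unknown ;;
    esac
}

# Example run (uncomment to execute in the current directory):
# make_client_auth_stores . &&
#   entry_type ./client.p12 PKCS12 client &&
#   entry_type ./cacerts.jks JKS client
```

The browser's personal certificate store is where client.p12 would be imported, while truststoreFile would point at cacerts.jks. A store whose alias shows only trustedCertEntry cannot be used to authenticate a client.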