Posted to users@tomcat.apache.org by aravidu <ar...@yahoo.com> on 2010/08/19 23:14:57 UTC

Re: Tomcat 5.5 Trust Stores and Client Authentication

Did you finally figure out how to fix this issue? I am having the same issue
today.
Can you please help, if you happen to look at this? The only change is I am
using Tomcat 6.0.

Thanks much.
-A


Ron Perkins-2 wrote:
> 
> Hi All,
> 
> I have done the following to create a Trust Store for Tomcat to use:
> 
> Created a keystore with new certificate:
> 
> keytool -genkey -alias mycert -keyalg RSA -keypass changeit -keystore
> keystore.jks -storepass changeit
> 
> Exported certificate:
> 
> keytool -export -alias mycert -file mycert.cer -keystore keystore.jks
> -storepass changeit
> 
> Imported certificate into trust store:
> 
> keytool -import -v -trustcacerts -alias mycert -keypass changeit -file
> mycert.cer -keystore cacerts.jks -storepass changeit
> 
> Added the following Connector into server.xml to allow Client
> Authentication:
> 
> <Connector
>        port="443"
>        scheme="https"
>        secure="true"
>        keystoreFile="C:/keystore.jks"
>        keystorePass="changeit"
>        keystoreType="JKS"
>        keyAlias="mykey"
>        truststoreFile="C:/cacerts.jks"
>        truststorePass="changeit"
>        truststoreType="JKS"
>        sslProtocol="TLS"
>        maxSpareThreads="75"
>        maxThreads="350"
>        uRIEncoding="UTF-8"
>        minSpareThreads="25"
>        clientAuth="true">
> </Connector>
> 
> After starting Tomcat up, using netstat I can see that port 443 is
> listening...
> 
> When using IE to test the connection to the https default page I get
> IE's no communication web page displayed. If I use Firefox this gives
> me the following error: SSL peer cannot verify your certificate (Error
> code: ssl_error_bad_cert_alert)
> 
> I was expecting a message to say that the client needs a client
> certificate? I then installed the client certificate mycert.cer into
> the client browsers, but it has no effect and I still receive the same
> error messages.
> 
> To check that I have SSL correctly installed, if I change
> clientAuth="true" to clientAuth="false" then the default Tomcat webpage is
> displayed within the browsers.
> 
> What have I done wrong? I am thinking that it is the way that I have
> created the Trust store that is the problem?
> 
> Thanks for any help in advance...
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 



Re: Tomcat 5.5 Trust Stores and Client Authentication

Posted by Hans Wahn <ha...@googlemail.com>.
>> I then installed the client certificate mycert.cer into
>> the client browsers, but it has no effect and I still receive the same
>> error messages.

Is Firefox able to authenticate itself via a client certificate
against a server? Maybe you just installed it in the truststore of
trustful servers?
- just a thought -

cheers
Hans
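
An added example, not part of the thread or of Tomcat: a small Java check that lists what each JKS store from the quoted Connector actually holds, since a peer can only authenticate with an entry that includes a private key and a keytool -export .cer file carries the certificate alone. The class name StoreCheck is hypothetical; the default paths, password and aliases are the ones quoted in the thread and can be overridden on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper (not from the thread): reports the entry type behind each alias.
public class StoreCheck {

    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    static void describe(String label, KeyStore ks) throws Exception {
        System.out.println(label + ":");
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias)
                    ? "private key + certificate chain"
                    : "trusted certificate only (no private key)";
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName()
                    : "(not X.509)";
            System.out.println("  " + alias + " -> " + kind + ", subject=" + subject);
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values quoted in the thread's Connector and keytool commands.
        String keystorePath = args.length > 0 ? args[0] : "C:/keystore.jks";
        String truststorePath = args.length > 1 ? args[1] : "C:/cacerts.jks";
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        String keyAlias = args.length > 3 ? args[3] : "mykey";   // Connector keyAlias
        String certAlias = args.length > 4 ? args[4] : "mycert"; // alias used with keytool

        KeyStore keys = load(keystorePath, pass);
        KeyStore trust = load(truststorePath, pass);
        describe("keystoreFile", keys);
        describe("truststoreFile", trust);

        // Does the alias named in the Connector exist as a private-key entry?
        System.out.println("keyAlias '" + keyAlias + "' is a key entry: " + keys.isKeyEntry(keyAlias));
        // Under which alias, if any, does the truststore hold the exported certificate?
        Certificate exported = keys.getCertificate(certAlias);
        System.out.println("'" + certAlias + "' found in truststore as: "
                + (exported == null ? "(alias not in keystore)" : trust.getCertificateAlias(exported)));
    }
}
```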
