Posted to users@tomcat.apache.org by "Shiva.Devaguptapu" <sh...@hbh.ilabsgroup.com> on 2003/01/18 14:31:45 UTC
Tomcat 4 - SSL - Client Authentication
Hi,
I am using Tomcat 4 on a Linux system. I am trying to enable SSL with
client authentication enabled. I want the client to be the Internet
Explorer, running on Win2K, my desktop. I found the following steps on
the net and tried.
* Create keys on the server
* Create the certificate on the server
* Uncomment the required part in the server.xml of Tomcat
* Enter appropriate values for the attributes in server.xml as :
    <Connector
        className="org.apache.catalina.connector.http.HttpConnector"
        port="8453" minProcessors="5"
        maxProcessors="75"
        enableLookups="true"
        acceptCount="10" debug="0"
        scheme="https" secure="true">
      <Factory
          className="org.apache.catalina.net.SSLServerSocketFactory"
          keystoreFile="/home/shiva/tomcat/keystore/server.keystore"
          keystorePass="changeit"
          clientAuth="true"
          protocol="TLS"/>
    </Connector>
* Create keys on the client
* Create the certificate on the client
* Import the client certificate on the server
* Import the client certificate into Internet Explorer
Now I started tomcat and I tried to access from the IE, the URL
https://192.168.200.12:8453 - then the Client Authentication dialog box
appears without any certificates in the list, as a result I cannot
select any certificate, and if I click on OK button, it says page
cannot be displayed.
I also tried importing the client certificate into
$JAVA_HOME/jre/lib/security/cacerts on the server and even that did not
solve the problem, and I even tried importing the server certificate on
the client side into $JAVA_HOME/jre/lib/security/cacerts and into IE as
well, and even after that the problem is not solved.
I am including all the commands I used to perform the above steps.
Can anyone help me out in getting this done?
Thanks in advance,
Shiva.
=========================================================
Commands used
=========================================================
***For generating server keys on Linux***
keytool -genkey -alias tomcat-sv \
-keyalg RSA -keypass changeit \
-storepass changeit \
-keystore $CATALINA_HOME/keystore/server.keystore
***this keystore directory is created by me***
---------------
***For generating server certificate on Linux***
keytool -export -alias tomcat-sv \
-storepass changeit \
-file server.cer \
-keystore $CATALINA_HOME/keystore/server.keystore
---------------
***For generating client keys on Win2K***
keytool -genkey -alias tomcat-cl ^
-keyalg RSA -keypass changeit ^
-storepass changeit ^
-keystore C:\ssltest\mykeystore\client.keystore
---------------
***For generating client certificate on Win2K***
keytool -export -alias tomcat-cl ^
-storepass changeit ^
-file C:\ssltest\client.cer ^
-keystore C:\ssltest\mykeystore\client.keystore
---------------
***For importing the client certificate on the server***
keytool -import -v -trustcacerts \
-alias tomcat -file client.cer \
-keypass changeit \
-storepass changeit \
-keystore /home/lotto/lotto/utilities/tomcat/keystore/server.keystore
=========================================================
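
An added example, not part of the original post: a consistency check that every keytool command operating on the server keystore names the same file as keystoreFile in server.xml. The inputs are copied (abridged) from the message above; the helper names `keystore_arg` and `audit` are hypothetical, and CATALINA_HOME is not given in the message, so it stays unresolved unless supplied.

```python
import posixpath
import shlex
import xml.etree.ElementTree as ET

# Values copied from the message above; CATALINA_HOME is not stated there,
# so it is left unresolved unless the caller supplies it (assumption).
SERVER_XML = """<Connector className="org.apache.catalina.connector.http.HttpConnector"
    port="8453" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
      keystoreFile="/home/shiva/tomcat/keystore/server.keystore"
      keystorePass="changeit" clientAuth="true" protocol="TLS"/>
</Connector>"""

KEYTOOL_COMMANDS = [
    "keytool -genkey -alias tomcat-sv -keyalg RSA -keypass changeit "
    "-storepass changeit -keystore $CATALINA_HOME/keystore/server.keystore",
    "keytool -import -v -trustcacerts -alias tomcat -file client.cer "
    "-keypass changeit -storepass changeit "
    "-keystore /home/lotto/lotto/utilities/tomcat/keystore/server.keystore",
]


def keystore_arg(command, env):
    """Return the normalised -keystore path of one keytool command line."""
    args = shlex.split(command)
    path = args[args.index("-keystore") + 1]
    for name, value in env.items():
        path = path.replace("$" + name, value)
    return posixpath.normpath(path)


def audit(server_xml, commands, env=None):
    """List mismatches between server.xml's keystore and the keytool commands."""
    factory = ET.fromstring(server_xml).find("Factory")
    configured = posixpath.normpath(factory.get("keystoreFile"))
    findings = []
    if factory.get("clientAuth") != "true":
        findings.append("clientAuth is not enabled on the SSL Factory")
    for command in commands:
        used = keystore_arg(command, env or {})
        if "$" in used:
            findings.append(f"unresolved variable in keystore path: {used}")
        elif used != configured:
            findings.append(f"keytool wrote to {used}, Tomcat loads {configured}")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_XML, KEYTOOL_COMMANDS):
        print(finding)
```

Passing `env={"CATALINA_HOME": "..."}` with the real installation directory resolves the first command's path before it is compared.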