Posted to users@tomcat.apache.org by "Shiva.Devaguptapu" <sh...@hbh.ilabsgroup.com> on 2003/01/18 14:31:45 UTC

Tomcat 4 - SSL - Client Authentication

Hi,
	I am using Tomcat 4 on a Linux system. I am trying to enable SSL with client authentication enabled. I want the client to be Internet Explorer, running on Win2K, my desktop. I found the following steps on the net and tried them.
*	Create keys on the server
*	Create the certificate on the server
*	Uncomment the required part in the server.xml of Tomcat
*	Enter appropriate values for the attributes in server.xml as:
	    <Connector className="org.apache.catalina.connector.http.HttpConnector"
	               port="8453" minProcessors="5" maxProcessors="75"
	               enableLookups="true"
	               acceptCount="10" debug="0" scheme="https" secure="true">
	      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
	               keystoreFile="/home/shiva/tomcat/keystore/server.keystore"
	               keystorePass="changeit"
	               clientAuth="true" protocol="TLS"/>
	    </Connector>
*	Create keys on the client
*	Create the certificate on the client
*	Import the client certificate on the server
*	Import the client certificate into Internet Explorer
	Now I started Tomcat and tried to access the URL https://192.168.200.12:8453 from IE. The Client Authentication dialog box then appears without any certificates in the list; as a result I cannot select any certificate, and if I click on the OK button, it says the page cannot be displayed.
	I also tried importing the client certificate into $JAVA_HOME/jre/lib/security/cacerts on the server, and even that did not solve the problem. I even tried importing the server certificate on the client side into $JAVA_HOME/jre/lib/security/cacerts and into IE as well, and even after that the problem is not solved.
	I am including all the commands I used to perform the above steps. Can anyone help me out in getting this done?
Thanks in advance,
Shiva.

=========================================================
Commands used
=========================================================
***For generating server keys on Linux***
keytool -genkey -alias tomcat-sv \
  -keyalg RSA -keypass changeit \
  -storepass changeit \
  -keystore $CATALINA_HOME/keystore/server.keystore
***this keystore directory is created by me***
---------------
***For generating server certificate on Linux***
keytool -export -alias tomcat-sv \
  -storepass changeit \
  -file server.cer \
  -keystore $CATALINA_HOME/keystore/server.keystore
---------------
***For generating client keys on Win2K***
keytool -genkey -alias tomcat-cl ^
  -keyalg RSA -keypass changeit ^
  -storepass changeit ^
  -keystore C:\ssltest\mykeystore\client.keystore
---------------
***For generating client certificate on Win2K***
keytool -export -alias tomcat-cl ^
  -storepass changeit ^
  -file C:\ssltest\client.cer ^
  -keystore C:\ssltest\mykeystore\client.keystore
---------------
***For importing the client certificate on the server***
keytool -import -v -trustcacerts \
  -alias tomcat -file client.cer \
  -keypass changeit \
  -storepass changeit \
  -keystore /home/lotto/lotto/utilities/tomcat/keystore/server.keystore
=========================================================
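
Added example (not part of the original post): a Python check, run over the Connector block and the keytool -import command quoted above, that reports whether client authentication is enabled, whether keystorePass is still the default changeit, and whether the keystore named in the import step is the file the connector loads. The <Service> wrapper, the function names and the plain string comparison of paths are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the post inside a minimal wrapper element.
SERVER_XML = """<Service name="sample">
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             port="8453" scheme="https" secure="true">
    <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
             keystoreFile="/home/shiva/tomcat/keystore/server.keystore"
             keystorePass="changeit" clientAuth="true" protocol="TLS"/>
  </Connector>
</Service>"""

# The keytool -import command from the post, joined onto one line.
IMPORT_CMD = ("keytool -import -v -trustcacerts -alias tomcat -file client.cer "
              "-keypass changeit -storepass changeit "
              "-keystore /home/lotto/lotto/utilities/tomcat/keystore/server.keystore")

def keytool_option(cmd, flag):
    """Return the value following `flag` in a keytool command line, or None."""
    words = cmd.split()
    return words[words.index(flag) + 1] if flag in words[:-1] else None

def audit(server_xml, import_cmd):
    """Return a list of findings for each SSL Factory in server_xml."""
    findings = []
    imported = keytool_option(import_cmd, "-keystore")
    for conn in ET.fromstring(server_xml).iter("Connector"):
        for fac in conn.findall("Factory"):
            if not fac.get("className", "").endswith("SSLServerSocketFactory"):
                continue  # not an SSL connector
            port = conn.get("port")
            served = fac.get("keystoreFile")
            if fac.get("clientAuth") != "true":
                findings.append(f"port {port}: clientAuth is not enabled")
            if fac.get("keystorePass") == "changeit":
                findings.append(f"port {port}: keystorePass is the default 'changeit'")
            # Assumption: paths are compared as strings; symlinks are not resolved.
            if imported != served:
                findings.append(f"port {port}: client cert imported into {imported}, "
                                f"but connector reads {served}")
    return findings

if __name__ == "__main__":
    for line in audit(SERVER_XML, IMPORT_CMD):
        print(line)
```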
