Posted to users@tomcat.apache.org by Ron Perkins <ro...@googlemail.com> on 2009/04/16 10:50:57 UTC
Help Needed with getting Client Authentication Working With Tomcat 5.5
I am trying to get Client Authentication working with Tomcat 5.5. I
have successfully got SSL working without Client Authentication.
This is what I have done so far.
Created a keystore with new certificate:
keytool -genkey -alias mykey -keyalg RSA -keypass changeit -keystore keystore.jks -storepass changeit
Exported certificate:
keytool -export -alias mykey -file mykey.cer -keystore keystore.jks -storepass changeit
Imported certificate into trust store:
keytool -import -v -trustcacerts -alias mykey -keypass changeit -file mykey.cer -keystore cacerts.jks -storepass changeit
Added the following Connector into server.xml:
<Connector
port="443"
scheme="https"
secure="true"
keystoreFile="C:/keystore.jks"
keystorePass="changeit"
keystoreType="JKS"
keyAlias="mykey"
truststoreFile="C:/cacerts.jks"
truststorePass="changeit"
truststoreType="JKS"
sslProtocol="TLS"
maxSpareThreads="75"
maxThreads="350"
uRIEncoding="UTF-8"
minSpareThreads="25"
clientAuth="true">
</Connector>
Within the Firefox browser this gives the following error when going
to the URL https://<hostname>.<domain>:
"SSL peer cannot verify your certificate (Error code: ssl_error_bad_cert_alert)"
If I change clientAuth="true" to clientAuth="false" the default Tomcat
webpage is displayed within the browser.
Have I missed something within the configuration, or do I need to do
something different for the creation of the trust store certificate?
Thanks
Ron
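
The trust decision that clientAuth="true" depends on can be checked offline, outside the browser. The following is an added example, not part of the original post and not Tomcat code: it loads the Connector's truststoreFile and a keystore holding whatever the client would present, then runs each entry through the default JSSE trust manager. The class name ClientAuthTrustCheck and the argument order are assumptions, as is a Connector that uses the JSSE implementation; it needs Java 7 or later.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Added example (hypothetical class). Usage:
//   java ClientAuthTrustCheck <truststore.jks> <pass> <client-store> <pass> <JKS|PKCS12>
public class ClientAuthTrustCheck {
    static KeyStore load(String path, String pass, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    public static void main(String[] a) throws Exception {
        KeyStore trust = load(a[0], a[1], "JKS");   // the Connector's truststoreFile
        KeyStore client = load(a[2], a[3], a[4]);   // the store the client certificate comes from

        // Build the default trust manager over the truststore entries.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        X509TrustManager tm = null;
        for (TrustManager t : tmf.getTrustManagers()) {
            if (t instanceof X509TrustManager) { tm = (X509TrustManager) t; break; }
        }
        if (tm == null) throw new IllegalStateException("no X509TrustManager available");

        int accepted = 0;
        for (String alias : Collections.list(client.aliases())) {
            // Only an entry with a private key and a chain can be presented to the server;
            // a certificate-only (trusted) entry has no chain and returns null here.
            java.security.cert.Certificate[] chain = client.getCertificateChain(alias);
            if (chain == null) {
                System.out.println(alias + ": no private key entry, cannot be presented");
                continue;
            }
            try {
                tm.checkClientTrusted(Arrays.copyOf(chain, chain.length, X509Certificate[].class),
                                      chain[0].getPublicKey().getAlgorithm());
                System.out.println(alias + ": chain accepted by truststore");
                accepted++;
            } catch (CertificateException e) {
                System.out.println(alias + ": rejected: " + e.getMessage());
            }
        }
        System.exit(accepted > 0 ? 0 : 1);   // non-zero when nothing usable was found
    }
}
```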