Posted to users@tomcat.apache.org by zhu quanxin <zh...@gmail.com> on 2007/09/21 09:44:01 UTC

How to setup Client authentication SSL in tomcat

Hi, everyone

    I set up two Tomcat servers. Server 1 is using client
authentication; I set the server.xml like this:
<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="C:/work/server1/tomcat1.keystore"
               keystorePass="password"
               truststoreFile="C:/work/server1/tomcat1.keystore"
               truststorePass="password"
               />
and I deployed a web service on it. When I visit the service, the
server asks me to give out the client certification. That means client
authentication worked.

Server 2 is not using client authentication; I set the server.xml like
the following:
<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/work/server2/tomcat2.keystore"
               keystorePass="password"
               />

The certifications I used are CA cert, server1 cert, server2 cert.
Both server1 cert and server2 cert are issued by CA.

CA cert was imported to the jdk/jre/lib/security/cacert on the two servers.

Server 2 has a servlet that invokes the web service on server 1. So,
server 2 needs to provide its certification to server 1 when invoking
the web service.
When I navigate to the servlet, it does not work.
I do not know how to set up server 2 to automatically provide its
certification to server 1 when it is asked to provide it?

wait for your idea~
Many Thanks!

Zhu quan xin
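
The setup described in the post above, seen from the calling side, as an added example (not part of the original message and not Tomcat's own code): the Connector's keystoreFile only covers inbound connections, so the servlet's outbound HTTPS client needs its own key material. The class name and the URL https://server1.example:8443/service are assumptions; the keystore path and password are the ones quoted in the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class MutualTlsClient {  // hypothetical class name

    // Build an SSLContext whose KeyManager offers server 2's private key and
    // certificate chain when the remote side sends a CertificateRequest.
    static SSLContext clientContext(String keystorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        // Failure mode: a keystore holding only certificates (no private key entry)
        // loads fine but silently sends no client certificate during the handshake.
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            hasKey |= ks.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("no private key entry in " + keystorePath);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);  // assumes key password equals store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers = JRE default trust store (cacerts), where the post
        // says the CA certificate was imported.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Call server 1 with the client identity attached; returns the HTTP status.
    static int call(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = clientContext("C:/work/server2/tomcat2.keystore", "password".toCharArray());
        System.out.println(call("https://server1.example:8443/service", ctx));  // placeholder URL
    }
}
```

The same effect is available JVM-wide by starting server 2 with the `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` system properties. Server 1 validates the presented certificate against its configured truststoreFile, so the issuing CA must be trusted there as well.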
