Posted to users@tomcat.apache.org by zhu quanxin <zh...@gmail.com> on 2007/09/21 09:44:01 UTC
How to set up client authentication SSL in Tomcat

Hi, everyone

I set up two Tomcat servers. Server 1 is using client
authentication; I set the server.xml like this:
<Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="C:/work/server1/tomcat1.keystore"
    keystorePass="password"
    truststoreFile="C:/work/server1/tomcat1.keystore"
    truststorePass="password"
/>
and I deployed a web service on it. When I visit the service, the
server asks me to provide the client certificate. That means client
authentication worked.

Server 2 is not using client authentication; I set the server.xml like
the following:
<Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:/work/server2/tomcat2.keystore"
    keystorePass="password"
/>
The certificates I used are the CA cert, the server1 cert, and the server2 cert.
Both the server1 cert and the server2 cert are issued by the CA.
The CA cert was imported into jdk/jre/lib/security/cacert on the two servers.

Server 2 has a servlet that invokes the web service on server 1. So
server 2 needs to provide its certificate to server 1 when it invokes
the web service.

When I navigate to the servlet, it does not work.
I do not know how to set up server 2 to automatically provide its certificate to
server 1 when it is asked to provide it.

Waiting for your ideas~
Many thanks!
Zhu quan xin
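
Added example, not part of the original post and not Tomcat's own code: the <Connector> keystore settings above apply only to connections that Tomcat accepts, so a servlet on server 2 that calls server 1 has to give its own outbound HTTPS connection a key store. This sketch does that with the standard JSSE API; the class name, the URL (server1.example and /service) and the assumption that the key password equals the store password are illustrative, not taken from the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {

    // Build a context that can present the key entry stored in keystorePath.
    static SSLContext clientContext(String keystorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // assumption: key password == store password

        // null selects the JRE default trust store, where the post says the CA cert was imported.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = clientContext("C:/work/server2/tomcat2.keystore", "password".toCharArray());
        // Hypothetical URL: substitute server 1's real host name and service path.
        URL url = new URL("https://server1.example:8443/service");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP status: " + conn.getResponseCode()); // performs the handshake

        // getLocalCertificates() is null when no client certificate was sent.
        Certificate[] sent = conn.getLocalCertificates();
        if (sent == null) {
            System.out.println("No client certificate was presented");
        } else {
            System.out.println("Presented: " + ((X509Certificate) sent[0]).getSubjectX500Principal());
        }
        conn.disconnect();
    }
}
```

If the handshake fails or no certificate is presented, check that the key entry in tomcat2.keystore holds the CA-issued certificate rather than only a self-signed one, because the default key manager offers a certificate only when its issuer is among those server 1 says it accepts.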