You are viewing a plain text version of this content. The canonical link for it is here.

Posted to soap-user@ws.apache.org by Christoph Brunner <Ch...@student-zw.fh-kl.de> on 2001/08/06 15:11:28 UTC

Client authentication with SSL

Hi,
i have installed APACHE-SOAP, TOMCAT and SSL!
It's working fine with clientAuth=false!
When i change the connector- parameter 'clientAuth' (server.xml) to true the following error appear:
Caught SOAPException (SOAP-ENV:Client): Error opening socket: null
In the window of TOMCAT following error appear:
2001-08-06 03:03:36 - Ctx(  ): 400 R( /) null
2001-08-06 03:03:36 - Ctx(  ): IOException in: R( /) Socket closed

What's wrong?

Thank you
Christoph Brunner

Re: Client authentication with SSL

Posted by Rich Catlett <ri...@more.net>.

I looked at my implementation, and I have clientAuth=false.  When I set 
it = true I also got an error, although this is what I got

Exception in thread "main" [SOAPException: faultCode=SOAP-ENV:Client; 
msg=Error opening socket: null; 
targetException=java.lang.IllegalArgumentException: Error opening 
socket: null]
    at 
org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:324)
    at org.apache.soap.messaging.Message.send(Message.java:123)
    at samples.messaging.SendMessage.main(SendMessage.java:39)

So I'm not sure what to tell you, if you have created certificates for 
both the client and the server, and then imported the clients into the 
servers keystore, and the servers into the clients keystore.  You might 
look at the tomcat documentation and see if it says anything.


Christoph Brunner wrote:

>I have this done and with clientAuth=false it works!
>But with clientAuth=true there is an error:
>Caught SOAPException (SOAP-ENV:Client): Error opening socket: null
>In the window of TOMCAT following error appear:
>2001-08-06 03:03:36 - Ctx(  ): 400 R( /) null
>2001-08-06 03:03:36 - Ctx(  ): IOException in: R( /) Socket closed
>
>Can you send me your keytool commands ?
>
>Thanks
>Christoph Brunner
>
>*********** REPLY SEPARATOR  ***********
>
>On 09.08.2001 at 11:26 Rich Catlett wrote:
>
>>If you go to the user documentation, click on Installation, and go to 
>>the bottom of the page, there is a link to setting up SSL on tomcat and 
>>it talks about creating, exporting and importing certificates.
>>
>>Christoph Brunner wrote:
>>
>>>Hi,
>>>
>>>I currently use an TOMCAT stand alone environment!
>>>Can you tel me how to generate the client certificate and
>>>how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?
>>>
>>>Thank you very much
>>>Christoph Brunner
>>>
>>>
>>>*********** REPLY SEPARATOR  ***********
>>>
>>>On 06.08.2001 at 15:32 Bernd Koecke wrote:
>>>
>>>>Hi,
>>>>
>>>>I think this behaviour is ok. With client authentication the server does
>>>>an extended handshake. It checks the certificate of the client. So the
>>>>server must know the one from the client as well or it must trust the
>>>>certification authority which signed the client certificate. 
>>>>
>>>>How to solve the problem, depends on your environment. If you use only
>>>>Tomcat, no Apache-Webserver, you have to add the client certificate to
>>>>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>>>>docs to open-ssl. The last is usefull, if you are using apache in front
>>>>of tomcat. 
>>>>
>>>>Bernd
>>>>-- 
>>>>Dipl.-Inform. Bernd Koecke
>>>>UNIX-Entwicklung
>>>>Schlund+Partner AG
>>>>Fon: +49-721-91374-0
>>>>E-Mail: bk@schlund.de
>>>>
>>>
>>>
>
>
>

Re: Client authentication with SSL

Posted by Rich Catlett <ri...@more.net>.

I looked at my implementation, and I have clientAuth=false.  When I set 
it = true I also got an error, although this is what I got

Exception in thread "main" [SOAPException: faultCode=SOAP-ENV:Client; 
msg=Error opening socket: null; 
targetException=java.lang.IllegalArgumentException: Error opening 
socket: null]
    at 
org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:324)
    at org.apache.soap.messaging.Message.send(Message.java:123)
    at samples.messaging.SendMessage.main(SendMessage.java:39)

So I'm not sure what to tell you, if you have created certificates for 
both the client and the server, and then imported the clients into the 
servers keystore, and the servers into the clients keystore.  You might 
look at the tomcat documentation and see if it says anything.


Christoph Brunner wrote:

>I have this done and with clientAuth=false it works!
>But with clientAuth=true there is an error:
>Caught SOAPException (SOAP-ENV:Client): Error opening socket: null
>In the window of TOMCAT following error appear:
>2001-08-06 03:03:36 - Ctx(  ): 400 R( /) null
>2001-08-06 03:03:36 - Ctx(  ): IOException in: R( /) Socket closed
>
>Can you send me your keytool commands ?
>
>Thanks
>Christoph Brunner
>
>*********** REPLY SEPARATOR  ***********
>
>On 09.08.2001 at 11:26 Rich Catlett wrote:
>
>>If you go to the user documentation, click on Installation, and go to 
>>the bottom of the page, there is a link to setting up SSL on tomcat and 
>>it talks about creating, exporting and importing certificates.
>>
>>Christoph Brunner wrote:
>>
>>>Hi,
>>>
>>>I currently use an TOMCAT stand alone environment!
>>>Can you tel me how to generate the client certificate and
>>>how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?
>>>
>>>Thank you very much
>>>Christoph Brunner
>>>
>>>
>>>*********** REPLY SEPARATOR  ***********
>>>
>>>On 06.08.2001 at 15:32 Bernd Koecke wrote:
>>>
>>>>Hi,
>>>>
>>>>I think this behaviour is ok. With client authentication the server does
>>>>an extended handshake. It checks the certificate of the client. So the
>>>>server must know the one from the client as well or it must trust the
>>>>certification authority which signed the client certificate. 
>>>>
>>>>How to solve the problem, depends on your environment. If you use only
>>>>Tomcat, no Apache-Webserver, you have to add the client certificate to
>>>>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>>>>docs to open-ssl. The last is usefull, if you are using apache in front
>>>>of tomcat. 
>>>>
>>>>Bernd
>>>>-- 
>>>>Dipl.-Inform. Bernd Koecke
>>>>UNIX-Entwicklung
>>>>Schlund+Partner AG
>>>>Fon: +49-721-91374-0
>>>>E-Mail: bk@schlund.de
>>>>
>>>
>>>
>
>
>

Re: Client authentication with SSL

Posted by Christoph Brunner <Ch...@student-zw.fh-kl.de>.

I have this done and with clientAuth=false it works!
But with clientAuth=true there is an error:
Caught SOAPException (SOAP-ENV:Client): Error opening socket: null
In the window of TOMCAT following error appear:
2001-08-06 03:03:36 - Ctx(  ): 400 R( /) null
2001-08-06 03:03:36 - Ctx(  ): IOException in: R( /) Socket closed

Can you send me your keytool commands ?

Thanks
Christoph Brunner

*********** REPLY SEPARATOR  ***********

On 09.08.2001 at 11:26 Rich Catlett wrote:

>If you go to the user documentation, click on Installation, and go to 
>the bottom of the page, there is a link to setting up SSL on tomcat and 
>it talks about creating, exporting and importing certificates.
>
>Christoph Brunner wrote:
>
>>Hi,
>>
>>I currently use an TOMCAT stand alone environment!
>>Can you tel me how to generate the client certificate and
>>how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?
>>
>>Thank you very much
>>Christoph Brunner
>>
>>
>>*********** REPLY SEPARATOR  ***********
>>
>>On 06.08.2001 at 15:32 Bernd Koecke wrote:
>>
>>>Hi,
>>>
>>>I think this behaviour is ok. With client authentication the server does
>>>an extended handshake. It checks the certificate of the client. So the
>>>server must know the one from the client as well or it must trust the
>>>certification authority which signed the client certificate. 
>>>
>>>How to solve the problem, depends on your environment. If you use only
>>>Tomcat, no Apache-Webserver, you have to add the client certificate to
>>>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>>>docs to open-ssl. The last is usefull, if you are using apache in front
>>>of tomcat. 
>>>
>>>Bernd
>>>-- 
>>>Dipl.-Inform. Bernd Koecke
>>>UNIX-Entwicklung
>>>Schlund+Partner AG
>>>Fon: +49-721-91374-0
>>>E-Mail: bk@schlund.de
>>>
>>
>>
>>

Re: Client authentication with SSL

Posted by Christoph Brunner <Ch...@student-zw.fh-kl.de>.

I have this done and with clientAuth=false it works!
But with clientAuth=true there is an error:
Caught SOAPException (SOAP-ENV:Client): Error opening socket: null
In the window of TOMCAT following error appear:
2001-08-06 03:03:36 - Ctx(  ): 400 R( /) null
2001-08-06 03:03:36 - Ctx(  ): IOException in: R( /) Socket closed

Can you send me your keytool commands ?

Thanks
Christoph Brunner

*********** REPLY SEPARATOR  ***********

On 09.08.2001 at 11:26 Rich Catlett wrote:

>If you go to the user documentation, click on Installation, and go to 
>the bottom of the page, there is a link to setting up SSL on tomcat and 
>it talks about creating, exporting and importing certificates.
>
>Christoph Brunner wrote:
>
>>Hi,
>>
>>I currently use an TOMCAT stand alone environment!
>>Can you tel me how to generate the client certificate and
>>how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?
>>
>>Thank you very much
>>Christoph Brunner
>>
>>
>>*********** REPLY SEPARATOR  ***********
>>
>>On 06.08.2001 at 15:32 Bernd Koecke wrote:
>>
>>>Hi,
>>>
>>>I think this behaviour is ok. With client authentication the server does
>>>an extended handshake. It checks the certificate of the client. So the
>>>server must know the one from the client as well or it must trust the
>>>certification authority which signed the client certificate. 
>>>
>>>How to solve the problem, depends on your environment. If you use only
>>>Tomcat, no Apache-Webserver, you have to add the client certificate to
>>>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>>>docs to open-ssl. The last is usefull, if you are using apache in front
>>>of tomcat. 
>>>
>>>Bernd
>>>-- 
>>>Dipl.-Inform. Bernd Koecke
>>>UNIX-Entwicklung
>>>Schlund+Partner AG
>>>Fon: +49-721-91374-0
>>>E-Mail: bk@schlund.de
>>>
>>
>>
>>

Re: Client authentication with SSL

Posted by Rich Catlett <ri...@more.net>.

If you go to the user documentation, click on Installation, and go to 
the bottom of the page, there is a link to setting up SSL on tomcat and 
it talks about creating, exporting and importing certificates.

Christoph Brunner wrote:

>Hi,
>
>I currently use an TOMCAT stand alone environment!
>Can you tel me how to generate the client certificate and
>how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?
>
>Thank you very much
>Christoph Brunner
>
>
>*********** REPLY SEPARATOR  ***********
>
>On 06.08.2001 at 15:32 Bernd Koecke wrote:
>
>>Hi,
>>
>>I think this behaviour is ok. With client authentication the server does
>>an extended handshake. It checks the certificate of the client. So the
>>server must know the one from the client as well or it must trust the
>>certification authority which signed the client certificate. 
>>
>>How to solve the problem, depends on your environment. If you use only
>>Tomcat, no Apache-Webserver, you have to add the client certificate to
>>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>>docs to open-ssl. The last is usefull, if you are using apache in front
>>of tomcat. 
>>
>>Bernd
>>-- 
>>Dipl.-Inform. Bernd Koecke
>>UNIX-Entwicklung
>>Schlund+Partner AG
>>Fon: +49-721-91374-0
>>E-Mail: bk@schlund.de
>>
>
>
>

Re: Client authentication with SSL

Posted by Rich Catlett <ri...@more.net>.

If you go to the user documentation, click on Installation, and go to 
the bottom of the page, there is a link to setting up SSL on tomcat and 
it talks about creating, exporting and importing certificates.

Christoph Brunner wrote:

>Hi,
>
>I currently use an TOMCAT stand alone environment!
>Can you tel me how to generate the client certificate and
>how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?
>
>Thank you very much
>Christoph Brunner
>
>
>*********** REPLY SEPARATOR  ***********
>
>On 06.08.2001 at 15:32 Bernd Koecke wrote:
>
>>Hi,
>>
>>I think this behaviour is ok. With client authentication the server does
>>an extended handshake. It checks the certificate of the client. So the
>>server must know the one from the client as well or it must trust the
>>certification authority which signed the client certificate. 
>>
>>How to solve the problem, depends on your environment. If you use only
>>Tomcat, no Apache-Webserver, you have to add the client certificate to
>>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>>docs to open-ssl. The last is usefull, if you are using apache in front
>>of tomcat. 
>>
>>Bernd
>>-- 
>>Dipl.-Inform. Bernd Koecke
>>UNIX-Entwicklung
>>Schlund+Partner AG
>>Fon: +49-721-91374-0
>>E-Mail: bk@schlund.de
>>
>
>
>

Re: Client authentication with SSL

Posted by Christoph Brunner <Ch...@student-zw.fh-kl.de>.

Hi,

I currently use an TOMCAT stand alone environment!
Can you tel me how to generate the client certificate and
how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?

Thank you very much
Christoph Brunner


*********** REPLY SEPARATOR  ***********

On 06.08.2001 at 15:32 Bernd Koecke wrote:

>Hi,
>
>I think this behaviour is ok. With client authentication the server does
>an extended handshake. It checks the certificate of the client. So the
>server must know the one from the client as well or it must trust the
>certification authority which signed the client certificate. 
>
>How to solve the problem, depends on your environment. If you use only
>Tomcat, no Apache-Webserver, you have to add the client certificate to
>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>docs to open-ssl. The last is usefull, if you are using apache in front
>of tomcat. 
>
>Bernd
>-- 
>Dipl.-Inform. Bernd Koecke
>UNIX-Entwicklung
>Schlund+Partner AG
>Fon: +49-721-91374-0
>E-Mail: bk@schlund.de

Re: Client authentication with SSL

Posted by Christoph Brunner <Ch...@student-zw.fh-kl.de>.

Hi,

I currently use an TOMCAT stand alone environment!
Can you tel me how to generate the client certificate and
how I deploy it on TOMCAT-SOAP to authenticate the Client against the server?

Thank you very much
Christoph Brunner


*********** REPLY SEPARATOR  ***********

On 06.08.2001 at 15:32 Bernd Koecke wrote:

>Hi,
>
>I think this behaviour is ok. With client authentication the server does
>an extended handshake. It checks the certificate of the client. So the
>server must know the one from the client as well or it must trust the
>certification authority which signed the client certificate. 
>
>How to solve the problem, depends on your environment. If you use only
>Tomcat, no Apache-Webserver, you have to add the client certificate to
>the jsse-stuff. You'll find additional info in the jsse-Dos and in the
>docs to open-ssl. The last is usefull, if you are using apache in front
>of tomcat. 
>
>Bernd
>-- 
>Dipl.-Inform. Bernd Koecke
>UNIX-Entwicklung
>Schlund+Partner AG
>Fon: +49-721-91374-0
>E-Mail: bk@schlund.de

Re: Client authentication with SSL

Posted by Bernd Koecke <bk...@schlund.de>.

Hi,

I think this behaviour is ok. With client authentication the server does
an extended handshake. It checks the certificate of the client. So the
server must know the one from the client as well or it must trust the
certification authority which signed the client certificate. 

How to solve the problem, depends on your environment. If you use only
Tomcat, no Apache-Webserver, you have to add the client certificate to
the jsse-stuff. You'll find additional info in the jsse-Dos and in the
docs to open-ssl. The last is usefull, if you are using apache in front
of tomcat. 

Bernd
-- 
Dipl.-Inform. Bernd Koecke
UNIX-Entwicklung
Schlund+Partner AG
Fon: +49-721-91374-0
E-Mail: bk@schlund.de

Re: Client authentication with SSL

Posted by Bernd Koecke <bk...@schlund.de>.

Hi,

I think this behaviour is ok. With client authentication the server does
an extended handshake. It checks the certificate of the client. So the
server must know the one from the client as well or it must trust the
certification authority which signed the client certificate. 

How to solve the problem, depends on your environment. If you use only
Tomcat, no Apache-Webserver, you have to add the client certificate to
the jsse-stuff. You'll find additional info in the jsse-Dos and in the
docs to open-ssl. The last is usefull, if you are using apache in front
of tomcat. 

Bernd
-- 
Dipl.-Inform. Bernd Koecke
UNIX-Entwicklung
Schlund+Partner AG
Fon: +49-721-91374-0
E-Mail: bk@schlund.de