Posted to users@tomcat.apache.org by "Chandra Madhumanchi (cmadhuma)" <cm...@cisco.com> on 2008/11/19 06:46:15 UTC

please help me how to configure SSL 2 way on Tomcat webserver by using .net client.

Hi,

When I am validating the client certificate by using the .NET class (SslStream)
http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx
I am getting an error like "SSPI failed".

Actually, in server.xml I configured clientAuth as True.
 
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="server.keystore" keystorePass="123456" />
 
 
Do I need to do any other settings to overcome the problem?

Could you please provide a sample solution for how to validate the client
certificate on a Tomcat webserver through a .NET client?

Regards

Chandra Madhumanchi



Re: please help me how to configure SSL 2 way on Tomcat webserver by using .net client. can anybody solve this problem

Posted by Bill Barker <wb...@wilshire.com>.
"Christopher Schultz" <ch...@christopherschultz.net> wrote in message 
news:492592BC.9050403@christopherschultz.net...
> Chandra,
>
> Chandra Madhumanchi (cmadhuma) wrote:
>> Do we have any solution for SSL 2-way configuration on a Tomcat webserver
>> through a .NET client?
>
> If you're just trying to connect to Tomcat using SSL from a .Net client,
> there's no special configuration when using a non-.Net client.
>
>> When I am validating the client certificate by using the .NET class (SslStream)
>> http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx
>> I am getting an error like "SSPI failed".
>
> This list isn't the best one to ask .Net questions. Generally, the
> client certificate is delivered FROM the client (your .Net code) to the
> server (Tomcat). Is Tomcat giving you the error, or is .Net giving you
> the error?
>
> Please post the entire stack trace of the exception you are getting, as
> well as any message you are getting in a log file. "like SSPI failed" is
> not very precise.
>
>> clientAuth="true"
>> keystoreFile="server.keystore"
>
> This looks okay. Does your keystore have the client's certificate in it?
> What about a certificate that has signed the client's certificate?
> Perhaps a dump of your keystore would be helpful, too.
>

This seems to be a common misconception.  The keystoreFile plays no role in 
authenticating client certs in Tomcat.  It is only used to get the server 
cert.  The truststoreFile attribute is what is used to validate client 
certs.  If it is omitted, then you just get the trusted root certs provided 
by your JVM vendor (e.g. the cacerts file for the Sun JVM).

> Can you get this to work through a web browser? Honestly, the .Netedness
> of the client is irrelevant.
>
> -chris




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
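
The distinction drawn in the reply above, written out as a connector definition. This is an added example, not configuration from any poster in the thread: the keystore supplies the server certificate, and a separate truststore holds the CA certificate that issued the client certificate. The file names client-ca.crt and client-truststore.jks, the alias client-ca and both password placeholders are assumptions.

```xml
<!-- Added example. Build the truststore first by importing the CA certificate
     that issued the client certificate (file names and alias are assumed):

       keytool -import -trustcacerts -alias client-ca \
               -file client-ca.crt -keystore client-truststore.jks
-->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="server.keystore" keystorePass="CHANGE_ME_KEYSTORE"
           truststoreFile="client-truststore.jks" truststorePass="CHANGE_ME_TRUSTSTORE"
           truststoreType="JKS" />
```

With clientAuth="true" and no truststoreFile, only the JVM's default root certificates are trusted, so a client certificate issued by a private CA does not validate.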


Re: please help me how to configure SSL 2 way on Tomcat webserver by using .net client. can anybody solve this problem

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Chandra,

Chandra Madhumanchi (cmadhuma) wrote:
> Do we have any solution for SSL 2-way configuration on a Tomcat webserver
> through a .NET client?

If you're just trying to connect to Tomcat using SSL from a .Net client,
there's no special configuration when using a non-.Net client.

> When I am validating the client certificate by using the .NET class (SslStream)
> http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx
> I am getting an error like "SSPI failed".

This list isn't the best one to ask .Net questions. Generally, the
client certificate is delivered FROM the client (your .Net code) to the
server (Tomcat). Is Tomcat giving you the error, or is .Net giving you
the error?

Please post the entire stack trace of the exception you are getting, as
well as any message you are getting in a log file. "like SSPI failed" is
not very precise.

> clientAuth="true" 
> keystoreFile="server.keystore"

This looks okay. Does your keystore have the client's certificate in it?
What about a certificate that has signed the client's certificate?
Perhaps a dump of your keystore would be helpful, too.

Can you get this to work through a web browser? Honestly, the .Netedness
of the client is irrelevant.

-chris


RE: please help me how to configure SSL 2 way on Tomcat webserver by using .net client. can anybody solve this problem

Posted by "Chandra Madhumanchi (cmadhuma)" <cm...@cisco.com>.
 
Do we have any solution for SSL 2-way configuration on a Tomcat webserver
through a .NET client?

-----Original Message-----
From: Chandra Madhumanchi (cmadhuma) 
Sent: Wednesday, November 19, 2008 11:16 AM
To: users@tomcat.apache.org
Subject: please help me how to configure SSL 2 way on Tomcat webserver by
using .net client.

Hi,

When I am validating the client certificate by using the .NET class (SslStream)
http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx
I am getting an error like "SSPI failed".

Actually, in server.xml I configured clientAuth as True.
 
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="server.keystore" keystorePass="123456" />
 
 
Do I need to do any other settings to overcome the problem?

Could you please provide a sample solution for how to validate the client
certificate on a Tomcat webserver through a .NET client?

Regards

Chandra Madhumanchi


