Posted to users@tomcat.apache.org by David Heggie <da...@intrapower.com.au> on 2001/10/11 01:20:43 UTC
Client Certificates with Tomcat 4 standalone
Hi,
I have been trying to set up client-cert authentication and have had no
success at present. The first attempt was to set up ssl and set clientAuth
to true.
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="1" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="true" protocol="TLS"/>
</Connector>
The normal ssl works fine with clientAuth=false but when it is true the
browser comes up with an error "the page cannot be displayed".
My second attempt was to set up the default web-app security/protected
example to use CLIENT-AUTH auth.
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
</login-config>
When I browse to that directory the browser comes up with the same error but
this time the following is in the localhost_examples log.
CertificatesValve[/examples]: verify: SSLPeerUnverifiedException
Does anyone know what this means, or how I can get this client certificate
thing working?
Thanks
David
Re: Client Certificates with Tomcat 4 standalone
Posted by jean-frederic clere <jf...@fujitsu-siemens.com>.
David Heggie wrote:
>
> Hi,
>
> I have been trying to set up client-cert authentication and have had no
> success at present. The first attempt was to set up ssl and set clientAuth
> to true.
>
> <Connector className="org.apache.catalina.connector.http.HttpConnector"
> port="8443" minProcessors="5" maxProcessors="75"
> enableLookups="true"
> acceptCount="10" debug="1" scheme="https" secure="true">
> <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
keystorePass="changeit"?
> clientAuth="true" protocol="TLS"/>
> </Connector>
>
> The normal ssl works fine with clientAuth=false but when it is true the
> browser comes up with an error "the page cannot be displayed".
Are you sure the CA is stored in /usr/java/jdk1.3.1/jre/lib/security/cacerts? TC
proposes a list of accepted CA's to the browser and it takes the list from
there.
>
> My second attempt was to set up the default web-app security/protected
> example to use CLIENT-AUTH auth.
>
> <login-config>
> <auth-method>CLIENT-CERT</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> </login-config>
>
> When I browse to that directory the browser comes up with the same error but
> this time the following is in the localhost_examples log.
>
> CertificatesValve[/examples]: verify: SSLPeerUnverifiedException
>
> Does anyone know what this means, or how I can get this client certificate
> thing working?
>
> Thanks
>
> David
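
The check the reply suggests, as an added example that is not part of the original thread or of Tomcat's code: it loads a truststore such as the JRE cacerts file and reports whether the direct issuer of a client certificate is a trusted entry in it. The class name, the argument order and the direct-issuer-only scope are assumptions of this example, it is written for a current JDK, and "changeit" is the JDK's default cacerts password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

/** Added example (hypothetical class): is a client certificate's issuer trusted by a truststore? */
public class TrustedIssuerCheck {

    /** Returns the alias of the trusted entry that signed clientCert, or null if none did. */
    static String findIssuerAlias(KeyStore trustStore, X509Certificate clientCert) throws Exception {
        for (String alias : Collections.list(trustStore.aliases())) {
            if (!trustStore.isCertificateEntry(alias)) continue;   // skip private-key entries
            Certificate c = trustStore.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) c;
            // Cheap name comparison first; the real test is the signature check below.
            if (!ca.getSubjectX500Principal().equals(clientCert.getIssuerX500Principal())) continue;
            try {
                clientCert.verify(ca.getPublicKey());
                return alias;
            } catch (GeneralSecurityException e) {
                // Same subject name but a different key: keep looking.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java TrustedIssuerCheck <truststore> <client-cert.pem|.der> [storepass]");
            System.exit(2);
        }
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) { ts.load(in, pass); }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[1])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String alias = findIssuerAlias(ts, cert);
        System.out.println("Issuer: " + cert.getIssuerX500Principal().getName());
        System.out.println(alias != null ? "Trusted via alias: " + alias
                                         : "Issuer is NOT a trusted entry in this truststore");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it against the cacerts file of the JRE that starts Tomcat and the certificate installed in the browser; exit status 1 means the issuing CA is not in the list the reply describes.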