Posted to users@tomcat.apache.org by David Heggie <da...@intrapower.com.au> on 2001/10/11 01:20:43 UTC

Client Certificates with Tomcat 4 standalone

Hi,

I have been trying to set up client-cert authentication and have had no
success at present. The first attempt was to set up ssl and set clientAuth
to true.

<Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="1" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="true" protocol="TLS"/>
</Connector>

The normal ssl works fine with clientAuth=false but when it is true the
browser comes up with an error "the page cannot be displayed".

My second attempt was to set up the default web-app security/protected
example to use CLIENT-AUTH auth.

<login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
</login-config>

When I browse to that directory the browser comes up with the same error but
this time the following is in the localhost_examples log.

CertificatesValve[/examples]:  verify: SSLPeerUnverifiedException

Does anyone know what this means, or how I can get this client certificate
thing working?

Thanks

David


Re: Client Certificates with Tomcat 4 standalone

Posted by jean-frederic clere <jf...@fujitsu-siemens.com>.
David Heggie wrote:
> 
> Hi,
> 
> I have been trying to set up client-cert authentication and have had no
> success at present. The first attempt was to set up ssl and set clientAuth
> to true.
> 
> <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                port="8443" minProcessors="5" maxProcessors="75"
>                enableLookups="true"
>                acceptCount="10" debug="1" scheme="https" secure="true">
>       <Factory className="org.apache.catalina.net.SSLServerSocketFactory"

keystorePass="changeit"?

>                clientAuth="true" protocol="TLS"/>
> </Connector>
>  
> The normal ssl works fine with clientAuth=false but when it is true the
> browser comes up with an error "the page cannot be displayed".

Are you sure the CA is stored in /usr/java/jdk1.3.1/jre/lib/security/cacerts? TC
proposes a list of accepted CA's to the browser and it takes the list from
there.

> 
> My second attempt was to set up the default web-app security/protected
> example to use CLIENT-AUTH auth.
> 
> <login-config>
>       <auth-method>CLIENT-CERT</auth-method>
>       <realm-name>Example Form-Based Authentication Area</realm-name>
> </login-config>
> 
> When I browse to that directory the browser comes up with the same error but
> this time the following is in the localhost_examples log.
> 
> CertificatesValve[/examples]:  verify: SSLPeerUnverifiedException
> 
> Does anyone know what this means, or how I can get this client certificate
> thing working?
> 
> Thanks
> 
> David
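
The reply above points at the JRE cacerts file as the source of the CA list Tomcat offers to the browser. As an added example (not code from either poster or from the Tomcat project), this Java program lists the CA entries in a trust store or, given a client certificate, checks whether one of those entries directly issued it. The class name, the argument order and the defaults (the running JRE's own cacerts, password `changeit`) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example. Usage: java CheckClientCertIssuer [client-cert] [truststore] [storepass]
public class CheckClientCertIssuer {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JRE's cacerts file and the stock JDK password.
        String store = args.length > 1 ? args[1]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ts.load(in, pass);
        }
        // Optional client certificate (PEM or DER) to test against the store.
        X509Certificate client = null;
        if (args.length > 0) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            try (InputStream in = new FileInputStream(args[0])) {
                client = (X509Certificate) cf.generateCertificate(in);
            }
            System.out.println("Client issuer: " + client.getIssuerX500Principal());
        }
        boolean issuerTrusted = false;
        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) continue;   // skip private-key entries
            X509Certificate ca = (X509Certificate) ts.getCertificate(alias);
            if (client == null) {   // no client cert given: list the trusted CAs
                System.out.println(alias + " -> " + ca.getSubjectX500Principal());
            } else if (ca.getSubjectX500Principal().equals(client.getIssuerX500Principal())) {
                try {
                    client.verify(ca.getPublicKey());   // check the signature, not just the name
                    issuerTrusted = true;
                    System.out.println("Issued by trust store entry: " + alias);
                } catch (GeneralSecurityException e) {
                    System.out.println("Name matches '" + alias + "' but signature fails");
                }
            }
        }
        if (client != null && !issuerTrusted) {
            System.out.println("No entry in " + store + " directly issued this certificate");
        }
    }
}
```

The check covers the direct issuer only; a client certificate issued by an intermediate CA needs the rest of its chain examined the same way.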