Posted to users@tomcat.apache.org by Luis Villa <lv...@gmail.com> on 2007/04/02 09:30:39 UTC

Re: Problems with clientAuth

Hello Martin,

Well, at least you are lucky Internet Explorer asks for the certificate;
this is what it's supposed to do when using clientAuth="true". What is
happening to me is that all works well with clientAuth="false"; when
changing it to clientAuth="true", Firefox throws this error and IExplorer
just can't "find" the page.

About secure="true", I'm not sure what it does; I copied it from the Tomcat
5.5 SSL Howto :S

I must confess I have no clue on how to make this work.


2007/3/30, Martin Cavanagh <ca...@con-sense-group.com>:
>
> Hi Luis.
>
> I'm pretty sure I'm having exactly the same problem as you - maybe we
> can solve it together:)
>
> When I enable client authentication in my config (clientAuth="true" for
> you, since you're using the Java KeyStore; I'm trying to use OpenSSL),
>
> I get exactly the same error in Firefox! (except in German ;) )
>
> In Internet Explorer I get a message that the server requires a
> certificate and I need to provide one and that I should select one (I
> don't have any installed in Internet Explorer).
>
> Are you sure that you don't have Client Authentication turned on?
>
> What does the setting secure="true" actually do?
>
> Good luck - let me know how you go.
>
> Martin
>
> Luis Villa wrote:
> > Hello all,
> >
> > I'm a newbie on the list, so first of all I'd like to say hello to
> > everyone :)
> >
> > After this, I'd like to ask for help with a problem I have configuring
> > Tomcat for digital certifications. I've followed all the steps in the
> > Tomcat SSL HOWTO and my tomcat now has a secure connector in port 8443.
> > So, I've no error when trying to enter http://localhost:8443
> >
> > The key in server.xml is the following:
> >
> > <Connector port="8443" maxHttpHeaderSize="8192"
> >    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >    enableLookups="false" disableUploadTimeout="true"
> >    acceptCount="100" scheme="https" secure="true"
> >    clientAuth="false" sslProtocol="TLS" keystoreFile="conf\.keystore"
> >    keystorePass="changeit"/>
> >
> >
> > The problem appears when changing clientAuth to true. Then, when using
> > iexplorer the browser simply can't find the page (or this is what it
> > says), and when using firefox it warns about the certificate, but after
> > accepting the certification it says that 'localhost has received an
> > unexpected or incorrect message. Error code: -12229'. I've been googling
> > for two days and I can't find a clue about what is failing nor what this
> > error code means.
> >
> > I'd be very grateful if somebody can help me with this, so my boss could
> > stop cleaning this gun of his... :P
> >
> > Thanks in advance for your help :)
> >
> > Greetings!
> >
>
>
> --
> Con-Sense-GmbH
> __
> _Martin Cavanagh_
>
> Tel.: +49541 800 83 0
> Fax: +49541 800 83 99
>
> cavanagh@con-sense-group.com <ma...@con-sense-group.com>
>
> Con-Sense GmbH
> Neuer Graben 25
> 49074 Osnabrück
> www.con-sense-group.com <http://www.con-sense-group.com>
>
> Geschäftsführer Eckhard Schulz
> Amtsgericht Hildesheim HRB 3341

Re: Problems with clientAuth

Posted by Luis Villa <lv...@gmail.com>.
Ok, I forgot!

I used both keytool and openssl; it seems the problem is not there, as Tomcat
gives the same error with both.

Greetings!

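
Added example, not part of either poster's message and not Tomcat code: a small audit of the connector quoted in this thread, with clientAuth switched to "true" as described. The function name audit_connectors, the wrapping <Server>/<Service> elements and the sample string are constructed for illustration; truststoreFile is the connector attribute Tomcat documents for validating client certificates.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the thread with clientAuth set to
# "true", wrapped in a minimal <Server>/<Service> so it parses as server.xml.
SAMPLE_SERVER_XML = r"""
<Server>
  <Service name="Catalina">
    <Connector port="8443" maxHttpHeaderSize="8192"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       acceptCount="100" scheme="https" secure="true"
       clientAuth="true" sslProtocol="TLS" keystoreFile="conf\.keystore"
       keystorePass="changeit"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return a list of (port, finding) tuples for TLS connectors."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        a = conn.attrib
        # Only connectors that configure TLS are of interest here.
        if a.get("scheme") != "https" and "sslProtocol" not in a:
            continue
        port = a.get("port", "?")
        mode = a.get("clientAuth", "false").lower()
        if mode not in ("true", "false", "want"):
            findings.append((port, "clientAuth=%r is not true/false/want" % mode))
        if mode in ("true", "want") and "truststoreFile" not in a:
            findings.append((port, "client certs requested but no truststoreFile: "
                "accepted CAs come from JVM defaults, not this connector"))
        if mode == "true":
            findings.append((port, "handshake fails unless the browser presents "
                "a certificate the server trusts"))
        # keystorePass defaults to "changeit" when the attribute is absent.
        if a.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "keystorePass is the documented default 'changeit'"))
        # secure only controls what request.isSecure() reports to the webapp.
        if a.get("secure") == "true" and a.get("scheme") != "https":
            findings.append((port, "secure=true without scheme=https"))
    return findings

if __name__ == "__main__":
    for port, msg in audit_connectors(SAMPLE_SERVER_XML):
        print("connector %s: %s" % (port, msg))
```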