Posted to users@tomcat.apache.org by Stefaan <st...@wina.be> on 2001/12/15 11:34:54 UTC

problem with client authentication with standalone Tomcat server

hello

A project I'm doing right now involves having an SSL-enabled standalone
Tomcat server (running on Win2000) connecting to an SSL-enabled client
(running on an embedded platform, and using a ported version of OpenSSL).
Both client and server use a certificate signed by a self-created CA. These
two certificates, as well as that of the CA, are added to the server
keystore, and both the client and CA certs are loaded in the client.

During the set-up of this connection both server and client authentication
through RSA certs is needed, and this is where I have a problem: although
server authentication by the client works fine, I can't seem to get the
client authentication by the server to work.

Basically, when I turn the clientAuth option in the SSL connector in
server.xml to "true", the SSL handshake is aborted and I don't know why. I
also used the basic s_client option of the OpenSSL command line utility
(compiled on a Windows environment) to connect, and the same problem occurs,
so the problem does lie with my Tomcat configuration, and not with my
client.

Is there something I'm overlooking, and is it at all possible to use
standalone Tomcat to do client authentication? (I know how to do it using
Apache, but for all sorts of reasons we would prefer the more lightweight
standalone Tomcat.) If it is possible, what do I need to do beyond adding
all the certs to the server keystore and turning clientAuth to true? I mean
just to do general client auth; I'm not even talking about security realms
or things like that.

I have been looking on the web for the past few days for any references to
client auth on standalone Tomcat, but basically I found only doubts and
half-truths.

So you can imagine that any help or reference to documents is more than
welcome.

greetings

stefaan
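When clientAuth="true" aborts the handshake, the first thing to check is whether the keystore Tomcat actually uses for client verification contains the signing CA as a trusted entry and whether the client certificate really chains to it. The following is an added example written for this thread, not code from the original post or from Tomcat; the keystore path, password and client certificate path are assumptions passed on the command line. Note that Tomcat versions differ on whether client certificates are verified against keystoreFile or against a separate truststore (the JVM's default cacerts unless one is configured), so run it against whichever file applies.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class CheckClientAuthKeystore {
    public static void main(String[] args) throws Exception {
        // Assumed defaults; override with: java CheckClientAuthKeystore <ks> <pass> <client.crt>
        String ksPath = args.length > 0 ? args[0] : "tomcat.keystore";
        char[] ksPass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String clientCertPath = args.length > 2 ? args[2] : "client.crt"; // PEM or DER

        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(ksPath)) { ks.load(in, ksPass); }

        // The server needs its own private key entry; the CA that signed the client
        // cert must be present as a trusted certificate entry, not just as a key's chain.
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted cert entry";
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + ": " + kind + ", subject=" + c.getSubjectX500Principal());
        }

        // Load the client cert and try to validate it against every trusted entry
        // whose subject matches the client cert's issuer.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate client;
        try (FileInputStream in = new FileInputStream(clientCertPath)) {
            client = (X509Certificate) cf.generateCertificate(in);
        }
        boolean chained = false;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isCertificateEntry(alias)) continue;
            X509Certificate ca = (X509Certificate) ks.getCertificate(alias);
            if (!ca.getSubjectX500Principal().equals(client.getIssuerX500Principal())) continue;
            try {
                client.verify(ca.getPublicKey()); // signature check against the CA key
                client.checkValidity();           // notBefore/notAfter check
                chained = true;
                System.out.println("client cert verifies against trusted entry '" + alias + "'");
            } catch (Exception ex) {
                System.out.println("issuer matches '" + alias + "' but verification failed: " + ex);
            }
        }
        if (!chained) System.out.println("no trusted CA entry in this keystore validates the client cert");
    }
}
```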
