Posted to users@tomcat.apache.org by Rodrigo Ruiz <rr...@gridsystems.com> on 2002/08/20 11:41:49 UTC
Client Certificates on Tomcat 3.3.1
Hi all,
I'm trying to set up a secure connection between Tomcat 3.3.1 and a Java SOAP
client.
My SOAP service simply prints out some request data, and also the content of
request.getAttribute("javax.servlet.request.X509Certificate"),
following some example code I found on the Internet (I'm not sure this code
should function).
I have followed the instructions in the xml.apache.org FAQ, and generated
all certificates with keytool.
First, I configured Tomcat with clientAuth set to false, and used a basic
authentication scheme in my web-app. It worked fine. When connecting through
my client, the service prints the following info:
Authorization: BASIC
Remote User: tomcat
Secured: true
Principal: tomcat
No client certificate is available
If I set clientAuth to true, it still works, but it keeps showing the "No
client certificate available" message.
The big problem comes when I configure my web-app to use the CLIENT-CERT
authorization scheme.
It simply returns a 401 error code.
Can anyone help me, please?
Thanks in advance,
Rodrigo Ruiz Aguayo
PS: Following is the bat file I'm using to generate the keystores:
del server.keystore
del client.keystore
copy %JAVA_HOME%\jre\lib\security\cacerts .\server.keystore
copy %JAVA_HOME%\jre\lib\security\cacerts .\client.keystore

REM Change default passwords
keytool -storepasswd -keystore server.keystore -storepass changeit -new 123456
keytool -storepasswd -keystore client.keystore -storepass changeit -new 123456

REM Create server.keystore
keytool -genkey -alias tomcat-sv -dname "CN=neyade,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg RSA -keypass 123456 -storepass 123456 -keystore server.keystore
keytool -export -alias tomcat-sv -storepass 123456 -file server.cer -keystore server.keystore

REM Import server certificate as a trusted CA in the client keystore
keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass 123456 -storepass 123456

REM Create client keystore
keytool -genkey -alias rruiz -dname "CN=rruiz,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg RSA -keypass 123456 -storepass 123456 -keystore client.keystore
keytool -export -alias rruiz -storepass 123456 -file rruiz.cer -keystore client.keystore
keytool -import -v -trustcacerts -alias tomcat -file rruiz.cer -keystore server.keystore -keypass 123456 -storepass 123456
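
An added example, not part of the original post: a small Java check that the cross-import done by the batch file above actually took effect, i.e. that each keystore's own certificate is stored as a trusted entry in the other one. The class name KeystoreTrustCheck is hypothetical; the file names and the password are the ones used in the batch file, and the program assumes it is run in the directory where that batch file was executed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name), not code from the original post.
public class KeystoreTrustCheck {

    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // keystore type written by keytool -genkey at the time
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // True only if 'owner' has at least one private-key entry and every such
    // entry's certificate is present in 'peer' as a trusted-certificate entry.
    static boolean peerTrustsOwner(String label, KeyStore owner, KeyStore peer) throws Exception {
        boolean ok = true;
        int keyEntries = 0;
        for (String alias : Collections.list(owner.aliases())) {
            if (!owner.isKeyEntry(alias)) continue; // skip the CA certs copied from cacerts
            keyEntries++;
            Certificate cert = owner.getCertificate(alias);
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : cert.getType();
            String peerAlias = peer.getCertificateAlias(cert); // null if the peer does not hold it
            boolean trusted = peerAlias != null && peer.isCertificateEntry(peerAlias);
            System.out.println(label + ": " + alias + " [" + subject + "] -> "
                    + (trusted ? "trusted as '" + peerAlias + "'" : "NOT trusted"));
            ok &= trusted;
        }
        return ok && keyEntries > 0;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "123456".toCharArray(); // password set in the batch file
        KeyStore server = load("server.keystore", pass);
        KeyStore client = load("client.keystore", pass);
        boolean clientTrustsServer = peerTrustsOwner("client trusts server", server, client);
        boolean serverTrustsClient = peerTrustsOwner("server trusts client", client, server);
        System.exit(clientTrustsServer && serverTrustsClient ? 0 : 1);
    }
}
```

A non-zero exit code means one side does not hold the other's self-signed certificate as a trusted entry. A zero exit code only confirms the keystore contents, not which keystore the server or the client actually loads at run time.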