Posted to users@tomcat.apache.org by Rodrigo Ruiz <rr...@gridsystems.com> on 2002/08/20 11:41:49 UTC

Client Certificates on Tomcat 3.3.1

Hi all,

I'm trying to set up a secure connection between Tomcat 3.3.1 and a Java SOAP
client.

My SOAP service simply prints out some request data, and also the content of

request.getAttribute("javax.servlet.request.X509Certificate")

following some example code I found on the Internet (I'm not sure this code
should function).

I have followed the instructions in the xml.apache.org FAQ, and generated
all certificates with keytool.

First, I configured Tomcat with clientAuth set to false, and used a basic
authentication scheme in my web-app. It worked fine. When connecting through
my client, the service prints the following info:

Authorization: BASIC
Remote User: tomcat
Secured: true
Principal: tomcat
No client certificate is available

If I set clientAuth to true, it still works, but it keeps showing the "No
client certificate available" message.

The big problem comes when I configure my web-app to use the CLIENT-CERT
authorization scheme. It simply returns a 401 error code.

Can anyone help me, please?

Thanks in advance,
Rodrigo Ruiz Aguayo

PS: Following is the bat file I'm using to generate the keystores:

del server.keystore
del client.keystore

copy "%JAVA_HOME%\jre\lib\security\cacerts" .\server.keystore
copy "%JAVA_HOME%\jre\lib\security\cacerts" .\client.keystore

REM Change default passwords
keytool -storepasswd -keystore server.keystore -storepass changeit -new 123456
keytool -storepasswd -keystore client.keystore -storepass changeit -new 123456

REM Create server.keystore
keytool -genkey -alias tomcat-sv -dname "CN=neyade,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg RSA -keypass 123456 -storepass 123456 -keystore server.keystore
keytool -export -alias tomcat-sv -storepass 123456 -file server.cer -keystore server.keystore

REM Import server certificate as a trusted CA in the client keystore
keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass 123456 -storepass 123456

REM Create client keystore
keytool -genkey -alias rruiz -dname "CN=rruiz,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg RSA -keypass 123456 -storepass 123456 -keystore client.keystore
keytool -export -alias rruiz -storepass 123456 -file rruiz.cer -keystore client.keystore

REM Import client certificate as a trusted CA in the server keystore
keytool -import -v -trustcacerts -alias tomcat -file rruiz.cer -keystore server.keystore -keypass 123456 -storepass 123456
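
Added example, not part of the original post: a small Java check of the two keystores the bat file produces, confirming that each store holds its own key entry and that each side's certificate is present as a trusted entry in the other store. The class name KeystoreCheck is hypothetical; the file names, aliases and password are the ones in the bat file, and Java 9 or later is assumed for KeyStore.getInstance(File, char[]).

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Run it in the directory where the
// bat file above created server.keystore and client.keystore. Needs Java 9+.
public class KeystoreCheck {

    // Store password set by the bat file on this page.
    static final char[] PASS = "123456".toCharArray();

    // Both stores start as copies of cacerts, so only key entries are listed;
    // the remaining (trusted certificate) entries are just counted.
    static void report(String name, KeyStore ks) throws Exception {
        int trusted = 0;
        System.out.println(name + ":");
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                System.out.println("  key entry (has private key): " + alias);
            } else {
                trusted++;
            }
        }
        System.out.println("  trusted certificate entries: " + trusted);
    }

    // True when trustStore holds, as a trusted certificate under trustAlias,
    // exactly the certificate that keyStore's key entry keyAlias presents.
    static boolean trusts(KeyStore trustStore, String trustAlias,
                          KeyStore keyStore, String keyAlias) throws Exception {
        Certificate own = keyStore.getCertificate(keyAlias);
        return own != null
                && keyStore.isKeyEntry(keyAlias)
                && trustStore.isCertificateEntry(trustAlias)
                && own.equals(trustStore.getCertificate(trustAlias));
    }

    public static void main(String[] args) throws Exception {
        KeyStore server = KeyStore.getInstance(new File("server.keystore"), PASS);
        KeyStore client = KeyStore.getInstance(new File("client.keystore"), PASS);
        report("server.keystore", server);
        report("client.keystore", client);
        // Aliases below are the ones used in the bat file.
        System.out.println("client trusts server certificate: "
                + trusts(client, "tomcat", server, "tomcat-sv"));
        System.out.println("server trusts client certificate: "
                + trusts(server, "tomcat", client, "rruiz"));
    }
}
```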

