You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by amcereijo cereijo <am...@gmail.com> on 2011/01/17 15:14:05 UTC
Error Tomcat CLIENT-CERT autentication.
Hi,
I´m trying to configure the tomcat for mutual authentication with server
and client using certificate.
I have a tomcat 5.5.26 and a java web application (web service) under JVM
1.5
I did the next:
I generated two certificates with keytool, one for client and other for
server.
I created a cacerts importing for the server, the client certificate and
for the client, importing the server certificate.
In my web application (web service), I configure the web.xml like this
*<**security-constraint**>***
* **<**web-resource-collection**>***
* **<**web-resource-name**>**webservice**</**
web-resource-name**>***
* **<**url-pattern**>**/webservice**</**url-pattern**>***
* **<**http-method**>**POST**</**http-method**>***
* **</**web-resource-collection**>***
* ***
* **<**auth-constraint**>***
* **<**role-name**>**webservice**</**role-name**>***
* **</**auth-constraint**>***
* ***
* **<**user-data-constraint**>***
* **<**transport-guarantee**>**CONFIDENTIAL**</**
transport-guarantee**>***
* **</**user-data-constraint**>***
* ***
* **</**security-constraint**>***
* *
* **<**login-config**>***
* **<!-- auth-method>BASIC</auth-method -->***
* **<**auth-method**>**CLIENT-CERT**</**auth-method**>***
* **<**realm-name**>**webservice** </**realm-name**>***
* **</**login-config**>***
* *
* **<**security-role**>***
* **<**role-name**>**webservice**</**role-name**>***
* **</**security-role**>***
I configure the server.xml adding
*<Connector port="8443" maxHttpHeaderSize="8192"*
* protocol="HTTP/1.1"*
* SSLEnabled="true"*
* maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"*
* enableLookups="false"
disableUploadTimeout="true"*
* acceptCount="100"
scheme="https" secure="true"*
* clientAuth="true"
sslProtocol="TLS" *
* keystoreFile="C:\Archivos de
programa\Apache Software Foundation\Tomcat 5.5\conf\tomcatserver.keystore"*
* keystorePass="tomcat"*
*
keyAlias="tomcatcertlocalhost"*
* keypass="tomcat"*
* truststoreFile="C:\Archivos
de programa\Apache Software Foundation\Tomcat
5.5\conf\tomcatservercacerts.keystore"*
* truststorePass="tomcat"*
*/>*
I add in tomcat-users.xml the following
*<role rolename="webservice"/>*
*<user username="CN=client, OU=client, O=client, L=Madrid, ST=Madrid, C=ES"
password="null" roles="webservice"/>*
When I execute my client for call the webservice, I put the properties
*System.setProperty(**"javax.net.ssl.trustStore"**,**"C:/Program
Files/Apache Software Foundation/Tomcat 5.5/conf/truststore.keystore"**);***
* System.setProperty(**"javax.net.ssl.trustStorePassword"**,**
"tomcat"**);***
* ***
* System.setProperty(**"javax.net.ssl.keyStore"**,
**"C:/OpenSSL-Win32/bin/ssl/client/client1.p12"**);***
* System.setProperty(**
"javax.net.ssl.keyStorePassword"**,**"tomcat"**);***
* System.setProperty(**
"javax.net.ssl.keyStoreType"**,**"PKCS12"**);*
In server logs I get the error:
*17-ene-2011 13:20:34 org.apache.coyote.http11.Http11Processor action*
*ADVERTENCIA: Exception getting SSL attributes*
*javax.net.ssl.SSLHandshakeException: null cert chain*
* at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)*
* at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)*
* at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)*
* at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)*
* at
com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(Unknown
Source)*
* at
com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
*
* at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)*
* at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)*
* at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)*
* at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown
Source)*
* at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)*
* at java.io.InputStream.read(Unknown Source)*
* at
org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
*
* at
org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
*
* at
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:121)
*
* at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1131)*
* at org.apache.coyote.Request.action(Request.java:349)*
* at
org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:138)
*
* at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
*
* at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
*
* at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
*
* at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
*
* at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)*
* at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)*
* at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
*
* at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
*
* at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
*
* at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
*
* at java.lang.Thread.run(Unknown Source)*
I also prove different configurations and I never get good result. Only with
user and password I get successful result (putting BASIC authentication
instead of CLIENT-CERT).
Thanks, regards. Ángel.
Re: Error Tomcat CLIENT-CERT autentication.
Posted by amcereijo cereijo <am...@gmail.com>.
Hi,
Finally I did it works.
I changed a piece of code for validating local certificates that i found
looking for in internet:
*private static void localHostNameVerifi() throws Exception{*
* HostnameVerifier hv = new HostnameVerifier()*
* {*
* public boolean verify(String urlHostName, SSLSession session)*
* {*
* System.out.println("Warning: URL Host: " + urlHostName + " vs.
"*
* + session.getPeerHost());*
* return true;*
* }*
* };*
* trustAllHttpsCertificates();*
* HttpsURLConnection.setDefaultHostnameVerifier(hv);*
* }*
* *
* *
* public static class miTM implements javax.net.ssl.TrustManager,*
* javax.net.ssl.X509TrustManager*
* {*
* public java.security.cert.X509Certificate[] getAcceptedIssuers()*
* {*
* return null;*
* }*
* *
* public boolean isServerTrusted(*
* java.security.cert.X509Certificate[] certs)*
* {*
* return true;*
* }*
* *
* public boolean isClientTrusted(*
* java.security.cert.X509Certificate[] certs)*
* {*
* return true;*
* }*
* *
* public void checkServerTrusted(*
* java.security.cert.X509Certificate[] certs, String
authType)*
* throws java.security.cert.CertificateException*
* {*
* return;*
* }*
* *
* public void checkClientTrusted(*
* java.security.cert.X509Certificate[] certs, String
authType)*
* throws java.security.cert.CertificateException*
* {*
* return;*
* }*
* }*
* private static void trustAllHttpsCertificates() throws Exception*
* {*
* *
* // Create a trust manager that does not validate certificate
chains:*
* *
* javax.net.ssl.TrustManager[] trustAllCerts =*
* *
* new javax.net.ssl.TrustManager[1];*
* *
* javax.net.ssl.TrustManager tm = new miTM();*
* *
* trustAllCerts[0] = tm;*
* *
* javax.net.ssl.SSLContext sc =*
* *
* javax.net.ssl.SSLContext.getInstance("SSL");*
* *
* sc.init(null, trustAllCerts, null);*
* *
* javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(*
* *
* sc.getSocketFactory());*
* *
* }*
For this code (get on SCJWS guide by Ivan A Kirzsan):
* static{*
* HttpsURLConnection.setDefaultHostnameVerifier(new
HostnameVerifier() {*
* public boolean verify(String hostname, SSLSession session) {*
* if(hostname.equals("localhost")){*
* return true;*
* }*
* return false;*
* }*
*
*
* });*
* }*
Now, almost in local, it´s working perfect.
Thanks, regards. Ángel.
2011/1/18 Goo Sam Kong <sk...@gmail.com>
> Hi Angel,
>
> I encountered the same problem as you with Tomcat 5.5.27, so I upgraded to
> latest Tomcat to get rid of the certification error.
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=37869 is bug report on
> certification error.
>
> Thank you.
>
>
> On 17 January 2011 22:14, amcereijo cereijo <am...@gmail.com> wrote:
>
> > Hi,
> >
> >
> > I´m trying to configure the tomcat for mutual authentication with server
> > and client using certificate.
> >
> > I have a tomcat 5.5.26 and a java web application (web service) under JVM
> > 1.5
> >
> > I did the next:
> >
> >
> >
> > I generated two certificates with keytool, one for client and other for
> > server.
> >
> > I created a cacerts importing for the server, the client certificate and
> > for the client, importing the server certificate.
> >
> >
> >
> > In my web application (web service), I configure the web.xml like this
> >
> > *<**security-constraint**>***
> >
> > * **<**web-resource-collection**>***
> >
> > * **<**web-resource-name**>**webservice**</**
> > web-resource-name**>***
> >
> > *
> > **<**url-pattern**>**/webservice**</**url-pattern**>***
> >
> > * **<**http-method**>**POST**</**http-method**>***
> >
> > * **</**web-resource-collection**>***
> >
> > * ***
> >
> > * **<**auth-constraint**>***
> >
> > * **<**role-name**>**webservice**</**role-name**>***
> >
> > * **</**auth-constraint**>***
> >
> > * ***
> >
> > * **<**user-data-constraint**>***
> >
> > * **<**transport-guarantee**>**CONFIDENTIAL**</**
> > transport-guarantee**>***
> >
> > * **</**user-data-constraint**>***
> >
> > * ***
> >
> > * **</**security-constraint**>***
> >
> > * *
> >
> > * **<**login-config**>***
> >
> > * **<!-- auth-method>BASIC</auth-method -->***
> >
> > * **<**auth-method**>**CLIENT-CERT**</**auth-method**>***
> >
> > * **<**realm-name**>**webservice** </**realm-name**>***
> >
> > * **</**login-config**>***
> >
> > * *
> >
> > * **<**security-role**>***
> >
> > * **<**role-name**>**webservice**</**role-name**>***
> >
> > * **</**security-role**>***
> >
> >
> >
> > I configure the server.xml adding
> >
> > *<Connector port="8443" maxHttpHeaderSize="8192"*
> >
> > * protocol="HTTP/1.1"*
> >
> > * SSLEnabled="true"*
> >
> > * maxThreads="150"
> > minSpareThreads="25" maxSpareThreads="75"*
> >
> > * enableLookups="false"
> > disableUploadTimeout="true"*
> >
> > * acceptCount="100"
> > scheme="https" secure="true"*
> >
> > * clientAuth="true"
> > sslProtocol="TLS" *
> >
> > * keystoreFile="C:\Archivos
> > de
> > programa\Apache Software Foundation\Tomcat
> 5.5\conf\tomcatserver.keystore"*
> >
> > * keystorePass="tomcat"*
> >
> > *
> > keyAlias="tomcatcertlocalhost"*
> >
> > * keypass="tomcat"*
> >
> > *
> truststoreFile="C:\Archivos
> > de programa\Apache Software Foundation\Tomcat
> > 5.5\conf\tomcatservercacerts.keystore"*
> >
> > * truststorePass="tomcat"*
> >
> > */>*
> >
> >
> >
> > I add in tomcat-users.xml the following
> >
> > *<role rolename="webservice"/>*
> >
> > *<user username="CN=client, OU=client, O=client, L=Madrid, ST=Madrid,
> C=ES"
> > password="null" roles="webservice"/>*
> >
> >
> >
> > When I execute my client for call the webservice, I put the properties
> >
> > *System.setProperty(**"javax.net.ssl.trustStore"**,**"C:/Program
> > Files/Apache Software Foundation/Tomcat
> > 5.5/conf/truststore.keystore"**);***
> >
> > *
> System.setProperty(**"javax.net.ssl.trustStorePassword"**,**
> > "tomcat"**);***
> >
> > * ***
> >
> > *
> > System.setProperty(**"javax.net.ssl.keyStore"**,
> > **"C:/OpenSSL-Win32/bin/ssl/client/client1.p12"**);***
> >
> > * System.setProperty(**
> > "javax.net.ssl.keyStorePassword"**,**"tomcat"**);***
> >
> > * System.setProperty(**
> > "javax.net.ssl.keyStoreType"**,**"PKCS12"**);*
> >
> >
> >
> > In server logs I get the error:
> >
> >
> > *17-ene-2011 13:20:34 org.apache.coyote.http11.Http11Processor action*
> >
> > *ADVERTENCIA: Exception getting SSL attributes*
> >
> > *javax.net.ssl.SSLHandshakeException: null cert chain*
> >
> > * at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
> > Source)*
> >
> > * at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
> > Source)*
> >
> > * at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
> Source)*
> >
> > * at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
> Source)*
> >
> > * at
> > com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(Unknown
> > Source)*
> >
> > * at
> > com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown
> > Source)
> > *
> >
> > * at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
> > Source)*
> >
> > * at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> > Source)*
> >
> > * at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> > Source)*
> >
> > * at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown
> > Source)*
> >
> > * at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown
> > Source)*
> >
> > * at java.io.InputStream.read(Unknown Source)*
> >
> > * at
> >
> >
> org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
> > *
> >
> > * at
> >
> >
> org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
> > *
> >
> > * at
> >
> >
> org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:121)
> > *
> >
> > * at
> >
> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1131)*
> >
> > * at org.apache.coyote.Request.action(Request.java:349)*
> >
> > * at
> >
> >
> org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:138)
> > *
> >
> > * at
> >
> >
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
> > *
> >
> > * at
> >
> >
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > *
> >
> > * at
> >
> >
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> > *
> >
> > * at
> >
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> > *
> >
> > * at
> >
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)*
> >
> > * at
> >
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)*
> >
> > * at
> >
> >
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> > *
> >
> > * at
> >
> >
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> > *
> >
> > * at
> >
> >
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> > *
> >
> > * at
> >
> >
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> > *
> >
> > * at java.lang.Thread.run(Unknown Source)*
> >
> >
> >
> >
> >
> > I also prove different configurations and I never get good result. Only
> > with
> > user and password I get successful result (putting BASIC authentication
> > instead of CLIENT-CERT).
> >
> >
> >
> > Thanks, regards. Ángel.
> >
>
Re: Error Tomcat CLIENT-CERT autentication.
Posted by Goo Sam Kong <sk...@gmail.com>.
Hi Angel,
I encountered the same problem as you with Tomcat 5.5.27, so I upgraded to
latest Tomcat to get rid of the certification error.
https://issues.apache.org/bugzilla/show_bug.cgi?id=37869 is bug report on
certification error.
Thank you.
On 17 January 2011 22:14, amcereijo cereijo <am...@gmail.com> wrote:
> Hi,
>
>
> I´m trying to configure the tomcat for mutual authentication with server
> and client using certificate.
>
> I have a tomcat 5.5.26 and a java web application (web service) under JVM
> 1.5
>
> I did the next:
>
>
>
> I generated two certificates with keytool, one for client and other for
> server.
>
> I created a cacerts importing for the server, the client certificate and
> for the client, importing the server certificate.
>
>
>
> In my web application (web service), I configure the web.xml like this
>
> *<**security-constraint**>***
>
> * **<**web-resource-collection**>***
>
> * **<**web-resource-name**>**webservice**</**
> web-resource-name**>***
>
> *
> **<**url-pattern**>**/webservice**</**url-pattern**>***
>
> * **<**http-method**>**POST**</**http-method**>***
>
> * **</**web-resource-collection**>***
>
> * ***
>
> * **<**auth-constraint**>***
>
> * **<**role-name**>**webservice**</**role-name**>***
>
> * **</**auth-constraint**>***
>
> * ***
>
> * **<**user-data-constraint**>***
>
> * **<**transport-guarantee**>**CONFIDENTIAL**</**
> transport-guarantee**>***
>
> * **</**user-data-constraint**>***
>
> * ***
>
> * **</**security-constraint**>***
>
> * *
>
> * **<**login-config**>***
>
> * **<!-- auth-method>BASIC</auth-method -->***
>
> * **<**auth-method**>**CLIENT-CERT**</**auth-method**>***
>
> * **<**realm-name**>**webservice** </**realm-name**>***
>
> * **</**login-config**>***
>
> * *
>
> * **<**security-role**>***
>
> * **<**role-name**>**webservice**</**role-name**>***
>
> * **</**security-role**>***
>
>
>
> I configure the server.xml adding
>
> *<Connector port="8443" maxHttpHeaderSize="8192"*
>
> * protocol="HTTP/1.1"*
>
> * SSLEnabled="true"*
>
> * maxThreads="150"
> minSpareThreads="25" maxSpareThreads="75"*
>
> * enableLookups="false"
> disableUploadTimeout="true"*
>
> * acceptCount="100"
> scheme="https" secure="true"*
>
> * clientAuth="true"
> sslProtocol="TLS" *
>
> * keystoreFile="C:\Archivos
> de
> programa\Apache Software Foundation\Tomcat 5.5\conf\tomcatserver.keystore"*
>
> * keystorePass="tomcat"*
>
> *
> keyAlias="tomcatcertlocalhost"*
>
> * keypass="tomcat"*
>
> * truststoreFile="C:\Archivos
> de programa\Apache Software Foundation\Tomcat
> 5.5\conf\tomcatservercacerts.keystore"*
>
> * truststorePass="tomcat"*
>
> */>*
>
>
>
> I add in tomcat-users.xml the following
>
> *<role rolename="webservice"/>*
>
> *<user username="CN=client, OU=client, O=client, L=Madrid, ST=Madrid, C=ES"
> password="null" roles="webservice"/>*
>
>
>
> When I execute my client for call the webservice, I put the properties
>
> *System.setProperty(**"javax.net.ssl.trustStore"**,**"C:/Program
> Files/Apache Software Foundation/Tomcat
> 5.5/conf/truststore.keystore"**);***
>
> * System.setProperty(**"javax.net.ssl.trustStorePassword"**,**
> "tomcat"**);***
>
> * ***
>
> *
> System.setProperty(**"javax.net.ssl.keyStore"**,
> **"C:/OpenSSL-Win32/bin/ssl/client/client1.p12"**);***
>
> * System.setProperty(**
> "javax.net.ssl.keyStorePassword"**,**"tomcat"**);***
>
> * System.setProperty(**
> "javax.net.ssl.keyStoreType"**,**"PKCS12"**);*
>
>
>
> In server logs I get the error:
>
>
> *17-ene-2011 13:20:34 org.apache.coyote.http11.Http11Processor action*
>
> *ADVERTENCIA: Exception getting SSL attributes*
>
> *javax.net.ssl.SSLHandshakeException: null cert chain*
>
> * at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
> Source)*
>
> * at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
> Source)*
>
> * at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)*
>
> * at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)*
>
> * at
> com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(Unknown
> Source)*
>
> * at
> com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown
> Source)
> *
>
> * at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
> Source)*
>
> * at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> Source)*
>
> * at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source)*
>
> * at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown
> Source)*
>
> * at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown
> Source)*
>
> * at java.io.InputStream.read(Unknown Source)*
>
> * at
>
> org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
> *
>
> * at
>
> org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
> *
>
> * at
>
> org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:121)
> *
>
> * at
> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1131)*
>
> * at org.apache.coyote.Request.action(Request.java:349)*
>
> * at
>
> org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:138)
> *
>
> * at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
> *
>
> * at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> *
>
> * at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> *
>
> * at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> *
>
> * at
>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)*
>
> * at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)*
>
> * at
>
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> *
>
> * at
>
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> *
>
> * at
>
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> *
>
> * at
>
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> *
>
> * at java.lang.Thread.run(Unknown Source)*
>
>
>
>
>
> I also prove different configurations and I never get good result. Only
> with
> user and password I get successful result (putting BASIC authentication
> instead of CLIENT-CERT).
>
>
>
> Thanks, regards. Ángel.
>