You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bengt Bäverman <be...@baverman.se> on 2005/07/26 16:40:58 UTC
Using Tomcat and certificates from CAcert
Can you please tell med what's wrong with this setup?
I have one server runnig Fedora Core 3 and Tomcat 5.5.9 with Java 1.5.0_04.
Tomcat is setup to require a client certificate.
For this server I have generated a server cert and installed it.
I have one client running Windows 2000 SP4 with IE 6.0 and Firefox 1.0.4
For this client I have installed the same client certificate in both browsers.
All certificates come from CAcert.
Before I found CAcert I played a little bit with Javas keytool and created two certificates.
The server asked the client for a certificate, but my certificate on the client was not recognized when asked to select one. It simple was not in the list.
So I assumed that the server setup (at least the Tomcat part) is OK, but the client setup was wrong (and I don't mean Windows here... :-))
When I skipped the Java keytoolcertificates and tried certificates from CAcert I get absolutely no response when running with IE.
IE just says that the server cannot be found. When trying with Firefox I get an error message stating that the server
and the client cannot establish a connection as they have no common crypto algorithm (except I get the error message in Swedish...).
What can possibly be wrong?
Thanks in advance!
/Bengt
ps
When I generated the cert req with keytool I first tried with out stating a key length or algorith the when I tried again I used RSA and 1024 bits.
Still no cigar.
ds