Posted to users@tomcat.apache.org by Su...@cognizant.com on 2007/09/26 14:30:49 UTC

Setting ClientAuth parameter to true

Hi,

I am unable to set client authentication for SSL in Tomcat 5.5.2. I have
generated the certificate for the client and imported the same into the
server's keystore so that the server can verify the client's
certificate. The following is the modification I make on server.xml.

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="D:\Projects\Starwood\WSOverSSL\axis\server.keystore"
               keystorePass="xxxxxx"
               truststoreFile="D:\Projects\Starwood\WSOverSSL\axis\server.keystore"
               truststorePass="xxxxxx " />

Once this change is done and the server is restarted, I am not able to
hit this URL: https://localhost:8443.

At the same time, if I change the value of clientAuth back to "false" I
am able to access the URL.

Can someone please help with where I went wrong?

Thanks,

-Subhash-



This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. 
Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly 
prohibited and may be unlawful.

RE: Setting ClientAuth parameter to true

Posted by Su...@cognizant.com.
Thanks for getting back Filip.

I had done this too. What I did was: created a server keystore and
imported the client certificate into it. Then I gave the server
keystore location to the 'truststoreFile' parameter. Once this
modification is done in server.xml I restart Tomcat but it's not really
helping me out.

Thanks,
-Subhash-


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



Re: Setting ClientAuth parameter to true

Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
Your trust store will need to contain the cert the client is supposed to 
send up,

Filip


RE: Setting ClientAuth parameter to true

Posted by Su...@cognizant.com.
Thanks for getting back Tott.
I did see that how-to link. It states that we have to use those fields
only when we have a keystore format other than 'jks'.
1. I had my keystore files with a ".keystore" extension. Hence I
modified the connector configuration to: keystoreType="keystore" &
truststoreType="keystore". After this I restarted Tomcat but this didn't
work.

2. Then I regenerated my keystores using a ".jks" extension and removed
the 'type' fields in the connector configuration (since it said the
fields should be used only when other-than-jks format is used). I
restarted my Tomcat again and still it didn't work.

Not sure what I should look at.

Any help would be appreciated.

-Subhash-






RE: Setting ClientAuth parameter to true

Posted by "Clinton J. Totten" <cj...@vsticorp.com>.
From inspection of your connector properties it looks like you're missing
the keystoreType attribute and the truststoreType attribute.  If you
check the documentation via this link
(http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html) it will tell
you what you can have as a value in this field.
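
An added example, not part of the original posts and not Tomcat code: a small Python check that parses the Connector as posted in this thread and reports on the attributes the replies discuss (trust store location, store passwords, store type). The function name audit_connector and the KNOWN_TYPES set are assumptions of this example; the paths and masked passwords are copied from the post.

```python
import xml.etree.ElementTree as ET

# Connector as posted in the thread (unrelated attributes omitted).
POSTED = r'''<Connector port="8443" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="D:\Projects\Starwood\WSOverSSL\axis\server.keystore"
    keystorePass="xxxxxx"
    truststoreFile="D:\Projects\Starwood\WSOverSSL\axis\server.keystore"
    truststorePass="xxxxxx " />'''

# Assumption of this example: standard JDK KeyStore type names.
# A file extension such as ".keystore" or ".jks" is not a store type.
KNOWN_TYPES = {"JKS", "JCEKS", "PKCS12", "PKCS11"}

def audit_connector(xml_text):
    """Return (attribute, finding) pairs for one <Connector> element."""
    c = ET.fromstring(xml_text).attrib
    findings = []
    if c.get("clientAuth", "false").lower() != "true":
        return findings  # client certificates are not demanded
    if "truststoreFile" in c and c["truststoreFile"] == c.get("keystoreFile"):
        findings.append(("truststoreFile",
                         "same file as keystoreFile: server key and "
                         "trusted client certs share one store"))
    for name in ("keystorePass", "truststorePass"):
        # XML keeps leading/trailing spaces in attribute values, so they
        # become part of the password used to open the store.
        if name in c and c[name] != c[name].strip():
            findings.append((name, "leading or trailing whitespace in value"))
    for name in ("keystoreType", "truststoreType"):
        if name in c and c[name].upper() not in KNOWN_TYPES:
            findings.append((name, "unknown store type %r" % c[name]))
    return findings

if __name__ == "__main__":
    for attr, msg in audit_connector(POSTED):
        print(attr + ": " + msg)
```

The check only reads server.xml attributes; whether the browser actually holds a client certificate and private key to present is a separate question that the configuration cannot answer.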


RE: Setting ClientAuth parameter to true

Posted by "Clinton J. Totten" <cj...@vsticorp.com>.
I am currently doing the same thing right now and am able to access port
8443.  What is the error that you are getting?
