Posted to users@tomcat.apache.org by Twan Munster <t....@emaxx.nl> on 2003/09/22 08:58:38 UTC

SSL client authentication

 
Hello,

I've always used Apache HTTP Server for client authentication with SSL. I've now installed Tomcat for my JSPs.
But I'm not able to get the SSL client authentication working. The problem is getting my existing certificates working in Tomcat. In Apache HTTP Server it was very easy. I configured all the stuff in my httpd.conf.
I also tried to get Tomcat working with keytool. But there's something I do wrong. I always get "handshake error".

Can somebody please tell me how to use keytool. I've got the following certificates:

1 server.crt = server certificate
2 ca.crt = chain certificate
3 ca-bundle.crt = lots of certificates for client authentication
4 server.key = I really don't know how to get this one in keytool

Thnx

Twan Munster

Re: SSL client authentication

Posted by Bill Barker <wb...@wilshire.com>.
Personally, I think that the easiest way to move an Apache cert to a Tomcat
cert is to export it to a pkcs12 file and use that as the keystore (of
course, setting keystoreType="pkcs12" on the Factory element).

Using OpenSSL, something like:
$ openssl pkcs12 -export -chain -inkey server.key -in server.crt -CAfile ca.crt \
               -name tomcat -caname root -out server.p12

"Twan Munster" <t....@emaxx.nl> wrote in message
news:006701c380d6$f5158210$1501a8c0@picard...

Hello,

I've always used Apache HTTP Server for client authentication with SSL. I've
now installed Tomcat for my JSPs.
But I'm not able to get the SSL client authentication working. The problem
is getting my existing certificates working in Tomcat. In Apache HTTP Server
it was very easy. I configured all the stuff in my httpd.conf.
I also tried to get Tomcat working with keytool. But there's something I do
wrong. I always get "handshake error".

Can somebody please tell me how to use keytool. I've got the following
certificates:

1 server.crt = server certificate
2 ca.crt = chain certificate
3 ca-bundle.crt = lots of certificates for client authentication
4 server.key = I really don't know how to get this one in keytool

Thnx

Twan Munster
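
The export from the reply, wrapped with two checks worth ruling out before pointing Tomcat at the keystore: that server.key belongs to server.crt, and that server.crt chains to ca.crt. This is an added example, not part of the thread; the function names and the make_demo_pki test material are constructed, and it assumes an unencrypted server.key and OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. File names follow the thread; everything else is constructed.

# key_matches_cert KEY CERT: true only if the private key belongs to the certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# to_pkcs12 KEY CERT CA OUT PASS: run the export from the reply after two checks.
# "pass:" exposes the password in the process list; prefer "file:" outside a demo.
to_pkcs12() {
    key_matches_cert "$1" "$2" ||
        { echo "private key does not match $2" >&2; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "$2 does not chain to $3" >&2; return 1; }
    openssl pkcs12 -export -chain -inkey "$1" -in "$2" -CAfile "$3" \
        -name tomcat -caname root -out "$4" -passout "pass:$5"
}

# p12_cert_count P12 PASS: certificates stored in the keystore (leaf plus chain).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# make_demo_pki DIR: constructed CA and server certificate for a dry run.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/server.crt" 2>/dev/null
}
```

The resulting server.p12 is the file to use as the keystore, with keystoreType="pkcs12" set as the reply describes.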



