Posted to dev@tomcat.apache.org by bu...@apache.org on 2011/12/09 07:04:55 UTC

DO NOT REPLY [Bug 52308] New: Fatal alert: certificate_unknown when test SSL with expired client cert

https://issues.apache.org/bugzilla/show_bug.cgi?id=52308

             Bug #: 52308
           Summary: Fatal alert: certificate_unknown when test SSL with
                    expired client cert
           Product: Tomcat 5
           Version: 5.0.0
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: Servlets:SSI
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: dineshsatam@hotmail.com
    Classification: Unclassified


I am testing an SSL connection with jboss-5.1.0.GA (using Tomcat) and Java version
"1.6.0_03".

Below is the setting of my server.xml in JBoss:


<Connector protocol="HTTP/1.1"  SSLEnabled="true" 
port="443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="true" 
keystoreFile="${jboss.server.home.dir}/conf/ssl/keystore.jks" 
keystorePass="asdf1234" sslProtocol = "TLS"  
truststoreFile="${jboss.server.home.dir}/conf/ssl/keystore.jks" 
truststorePass="asdf1234"  
ciphers="TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" />


It works OK with the valid client cert.
But when I test with an expired client cert, the client side receives
fatal alert: certificate_unknown, not the expected result,
fatal alert: certificate_expired.


Also, the JBoss log:
09:38:46,969 INFO  [STDOUT] ***
09:38:46,978 INFO  [STDOUT] http-192.168.20.150-443-1
09:38:46,978 INFO  [STDOUT] , SEND SSLv3 ALERT:
09:38:46,978 INFO  [STDOUT] fatal,
09:38:46,978 INFO  [STDOUT] description = certificate_unknown


Any idea of which part may cause the problem? Thank you.


Best regards
Dinesh S

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


DO NOT REPLY [Bug 52308] Fatal alert: certificate_unknown when test SSL with expired client cert

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52308

Chuck Caldarale <ch...@unisys.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Chuck Caldarale <ch...@unisys.com> 2011-12-09 06:13:57 UTC ---
Bugzilla is not a support forum. Post your question on the users mailing list.
Also note that Tomcat 5.0 has not been supported for some time.

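The alert record in the JBoss log quoted in the report is split across several [STDOUT] lines. The following is an added example, not code from the reporter or from the Tomcat or JBoss projects: it reassembles such records and counts the fatal certificate alerts the server sent. It assumes the four-line layout shown in the excerpt (thread name, direction and protocol, level, description); the second sample record is constructed.

```python
import re
from collections import Counter

# Constructed sample: the first record is the excerpt from the report, the
# second (a routine close_notify) is made up to show the filtering.
SAMPLE_LOG = """\
09:38:46,969 INFO  [STDOUT] ***
09:38:46,978 INFO  [STDOUT] http-192.168.20.150-443-1
09:38:46,978 INFO  [STDOUT] , SEND SSLv3 ALERT:
09:38:46,978 INFO  [STDOUT] fatal,
09:38:46,978 INFO  [STDOUT] description = certificate_unknown
09:41:02,115 INFO  [STDOUT] http-192.168.20.150-443-2
09:41:02,115 INFO  [STDOUT] , SEND TLSv1 ALERT:
09:41:02,116 INFO  [STDOUT] warning,
09:41:02,116 INFO  [STDOUT] description = close_notify
"""

PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3})\s+\w+\s+\[STDOUT\]\s?(.*)$")
ALERT = re.compile(r"^,\s*(SEND|RECV)\s+(\S+)\s+ALERT:\s*$")
DESC = re.compile(r"^description\s*=\s*(\w+)$")
# TLS alert descriptions that report a problem with the peer's certificate.
CERT_ALERTS = {"bad_certificate", "unsupported_certificate", "certificate_revoked",
               "certificate_expired", "certificate_unknown", "unknown_ca"}

def parse_alerts(text):
    """Reassemble alert records that the STDOUT logger split over four lines."""
    msgs = [(m.group(1), m.group(2).strip())
            for m in map(PREFIX.match, text.splitlines()) if m]
    alerts = []
    for i in range(1, len(msgs) - 2):
        hit = ALERT.match(msgs[i][1])
        desc = DESC.match(msgs[i + 2][1])
        if hit and desc:
            alerts.append({"time": msgs[i][0], "thread": msgs[i - 1][1],
                           "direction": hit.group(1), "protocol": hit.group(2),
                           "level": msgs[i + 1][1].rstrip(","),
                           "description": desc.group(1)})
    return alerts

def cert_rejections(alerts):
    """Fatal certificate alerts this server sent, counted per description."""
    return Counter(a["description"] for a in alerts
                   if a["direction"] == "SEND" and a["level"] == "fatal"
                   and a["description"] in CERT_ALERTS)

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE_LOG):
        print(alert)
    print(dict(cert_rejections(parse_alerts(SAMPLE_LOG))))
```

As the report shows, an expired client certificate can surface as certificate_unknown, so a count per description identifies rejected handshakes but not their cause; the certificate's validity dates have to be checked separately.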