Posted to dev@tomcat.apache.org by bu...@apache.org on 2011/12/09 07:04:55 UTC
DO NOT REPLY [Bug 52308] New: Fatal alert: certificate_unknown when
test SSL with expired client cert
https://issues.apache.org/bugzilla/show_bug.cgi?id=52308
Bug #: 52308
Summary: Fatal alert: certificate_unknown when test SSL with
expired client cert
Product: Tomcat 5
Version: 5.0.0
Platform: PC
OS/Version: Linux
Status: NEW
Severity: blocker
Priority: P2
Component: Servlets:SSI
AssignedTo: dev@tomcat.apache.org
ReportedBy: dineshsatam@hotmail.com
Classification: Unclassified
I am testing SSL connection with jboss-5.1.0.GA (using Tomcat) and java version "1.6.0_03".
Below is the setting of my server.xml in JBoss:
<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="true"
           keystoreFile="${jboss.server.home.dir}/conf/ssl/keystore.jks"
           keystorePass="asdf1234" sslProtocol="TLS"
           truststoreFile="${jboss.server.home.dir}/conf/ssl/keystore.jks"
           truststorePass="asdf1234"
           ciphers="TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" />
It works ok with the valid client cert.
But when I test with an expired client cert, the client side will receive fatal alert: certificate_unknown but not the expected result fatal alert: certificate_expired.
Also JBOSS LOG
09:38:46,969 INFO [STDOUT] ***
09:38:46,978 INFO [STDOUT] http-192.168.20.150-443-1
09:38:46,978 INFO [STDOUT] , SEND SSLv3 ALERT:
09:38:46,978 INFO [STDOUT] fatal,
09:38:46,978 INFO [STDOUT] description = certificate_unknown
Any idea of which part may cause the problem? Thank you.
Best regards
Dinesh S
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
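
Added example, not part of the original report and not Tomcat or JBoss code: the log in the report splits a single alert across several STDOUT lines, so a line-by-line search for it finds nothing. This Python parser rejoins the fragments and flags every fatal certificate alert the server sends, whatever its description, since in the report an expired client certificate surfaced as certificate_unknown rather than certificate_expired. The function names are hypothetical and the last sample line is constructed.

```python
import bisect
import re

# Certificate-related TLS alert descriptions and their codes (RFC 5246, section 7.2).
CERT_ALERTS = {"bad_certificate": 42, "unsupported_certificate": 43,
               "certificate_revoked": 44, "certificate_expired": 45,
               "certificate_unknown": 46, "unknown_ca": 48}

# JBoss console prefix: "HH:MM:SS,mmm LEVEL [STDOUT] fragment"
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3})\s+\w+\s+\[STDOUT\] ?(.*)$")
# One alert record once the fragments are joined back together.
ALERT = re.compile(
    r"(?P<thread>\S+)\s*,\s*(?P<dir>SEND|RECV)\s+(?P<proto>\S+)\s+ALERT:\s*"
    r"(?P<level>warning|fatal)\s*,\s*description\s*=\s*(?P<desc>\w+)")

def parse_alerts(lines):
    """Rejoin alert records that the STDOUT logger split across several lines."""
    text, starts, stamps = "", [], []
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a STDOUT fragment
        starts.append(len(text))   # offset where this fragment begins
        stamps.append(m.group(1))  # timestamp of this fragment
        text += m.group(2).strip() + " "
    alerts = []
    for m in ALERT.finditer(text):
        alert = m.groupdict()
        # Timestamp of the fragment in which the record starts.
        alert["time"] = stamps[bisect.bisect_right(starts, m.start()) - 1]
        alert["code"] = CERT_ALERTS.get(alert["desc"])  # None if not certificate-related
        alerts.append(alert)
    return alerts

def client_cert_rejections(alerts):
    """Fatal certificate alerts sent by the server, whatever the description."""
    return [a for a in alerts
            if a["dir"] == "SEND" and a["level"] == "fatal" and a["code"] is not None]

# The first five lines are the log from the report; the last line is constructed.
SAMPLE = """\
09:38:46,969 INFO [STDOUT] ***
09:38:46,978 INFO [STDOUT] http-192.168.20.150-443-1
09:38:46,978 INFO [STDOUT] , SEND SSLv3 ALERT:
09:38:46,978 INFO [STDOUT] fatal,
09:38:46,978 INFO [STDOUT] description = certificate_unknown
09:39:02,114 INFO [STDOUT] http-192.168.20.150-443-2, SEND SSLv3 ALERT: warning, description = close_notify
""".splitlines()

if __name__ == "__main__":
    for a in client_cert_rejections(parse_alerts(SAMPLE)):
        print(a["time"], a["thread"], a["desc"], a["code"])
```
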
DO NOT REPLY [Bug 52308] Fatal alert: certificate_unknown when test
SSL with expired client cert
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52308
Chuck Caldarale <ch...@unisys.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID
--- Comment #1 from Chuck Caldarale <ch...@unisys.com> 2011-12-09 06:13:57 UTC ---
Bugzilla is not a support forum. Post your question on the users mailing list.
Also note that Tomcat 5.0 has not been supported for some time.