Posted to users@tomcat.apache.org by yuanyuan <yu...@wizvision.com> on 2007/10/22 08:17:48 UTC
Fatal alert: certificate_unknown when test SSL with expired client cert
Dear Sir/Madam,
I am testing an SSL connection with Tomcat 5.0.28 and j2sdk1.4.1_06.
Below is the setting of my Tomcat for SSL:
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           truststoreFile="C:\keystore\ACS.keystore"
           truststorePass="changeit"
           keystoreFile="C:\keystore\ACS.keystore"
           keystorePass="changeit"
           keystoreType="JKS"/>
It works OK with a valid client cert. But when I test with an expired client cert, the
client side receives fatal alert: certificate_unknown rather than the expected
fatal alert: certificate_expired.
Any idea of which part may cause the problem? Thank you.
Best regards
Yuanyuan
WizVision Pte Ltd (Regn. No.: 200002982E)
451 Joo Chiat Road
#04-07 Katong Junction
Singapore 427664
Tel: (+65) 6336-3340
Fax: (+65) 6392-0790
URL: http://www.WizVision.com
[ This email and any attachments transmitted with it are confidential and intended solely for the named recipient(s) only. If you are not the intended recipient, you must not copy, disclose, disseminate or otherwise make use of the information. If you have received this email in error, please immediately notify the sender and permanently delete or destroy the original copy or any copy of this email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. ]
Re: Fatal alert: certificate_unknown when test SSL with expired client cert
Posted by Bill Barker <wb...@wilshire.com>.
There isn't a problem here :). When Tomcat (or more correctly JSSE) sees an
expired certificate, it just stops talking to the client, leaving the client
to have to guess the reason.
There are various patches in BZ to warn on expired certs (mostly against TC
5), but none that have been implemented.
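Since the client only sees a generic alert, the rejection reason has to be recorded on the server side. The following is an added example, not code from this thread or from Tomcat: a JSSE trust manager that wraps the default one and logs expired or not-yet-valid client certificates before failing the handshake. The class name `LoggingClientTrustManager` and the logger name are hypothetical, the code targets a current JDK rather than the J2SDK 1.4.1 in the post, and how a custom trust manager is installed in the connector depends on the Tomcat version.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.logging.Logger;
import javax.net.ssl.*;

// Added example (hypothetical class name): logs why a client certificate was rejected.
public final class LoggingClientTrustManager implements X509TrustManager {
    private static final Logger LOG = Logger.getLogger("tls.clientauth"); // assumed logger name
    private final X509TrustManager delegate;

    public LoggingClientTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

    // Wraps the default X509TrustManager built from the given truststore.
    public static X509TrustManager forTrustStore(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return new LoggingClientTrustManager((X509TrustManager) tm);
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null) throw new IllegalArgumentException("null certificate chain");
        // Check validity dates first so the server log names the exact cause.
        for (X509Certificate cert : chain) {
            try {
                cert.checkValidity();
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                LOG.warning("client cert rejected (" + e.getClass().getSimpleName() + "): subject="
                    + cert.getSubjectX500Principal() + " notBefore=" + cert.getNotBefore()
                    + " notAfter=" + cert.getNotAfter());
                throw e; // handshake still fails; only the server-side log gains the reason
            }
        }
        delegate.checkClientTrusted(chain, authType); // chain building and trust-anchor checks
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { delegate.checkServerTrusted(chain, authType); }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The wrapper is passed as the trust manager when calling `SSLContext.init(...)`; it does not relax validation, because every exception is rethrown after logging.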