Posted to users@tomcat.apache.org by "Balgeman, Timothy E (Tim)" <ba...@alcatel-lucent.com> on 2008/09/08 18:49:04 UTC
SSL https clientAuth debugging assistance
We have just started using Tomcat. We are using version 5.5.26.
I was able to set up Tomcat and get it running with our application. I
also have enabled SSL:
<Connector port="18443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/keystore" keyAlias="tomcat" />
I have one user that needs us to authenticate their client. I have
this working on our development system (added their certificate to our
keystore) but following the same process to our test box is failing.
The client (which I don't have access to) is giving a very generic error
message.
Is there a way that I can see why the client is failing the connection
(i.e. certificate doesn't match client, certificate expired, ...) or get
more debugging information from the Tomcat side?
Thanks
Tim
RE: SSL https clientAuth debugging assistance
Posted by "Balgeman, Timothy E (Tim)" <ba...@alcatel-lucent.com>.
Thank you Martin for your reply.
I installed the log4j and it is logging information when I shut down
Tomcat, but no other time. I have also tried messing with the
java.util.logging but am getting nowhere with that.
I am using the default log4j.properties as mentioned on the Tomcat web
pages. I expected more stuff in the log file and was hoping for SSL
connection information. Am I off base?
Tim
-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Monday, September 08, 2008 12:43 PM
To: Tomcat Users List
Subject: RE: SSL https clientAuth debugging assistance
implement a logger so you can trace what's going on
http://tomcat.apache.org/tomcat-5.5-doc/logging.html
also in %TOMCAT_HOME/conf/server.xml crank up the debug attribute on your
<Connector statement
debug="5"
http://tomcat.apache.org/tomcat-4.0-doc/config/http11.html
and you'll see lots of messages in tomcat console
HTH
Martin
RE: SSL https clientAuth debugging assistance
Posted by Martin Gainty <mg...@hotmail.com>.
implement a logger so you can trace what's going on
http://tomcat.apache.org/tomcat-5.5-doc/logging.html
also in %TOMCAT_HOME/conf/server.xml crank up the debug attribute on your <Connector statement
debug="5"
http://tomcat.apache.org/tomcat-4.0-doc/config/http11.html
and you'll see lots of messages in tomcat console
HTH
Martin
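
The two failure causes the original question names, an expired certificate or one that does not match what the client presents, can be checked on the server by listing what each box's keystore actually contains. The program below is an added example, not code from this thread or from Tomcat; the class name KeystoreAudit is hypothetical, and it assumes the keystore is in keytool's JKS format and that it is run with a current JDK against conf/keystore on both the development and the test system so the expiry status and SHA-256 fingerprints can be compared.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.Collections;

// Added example (hypothetical class name). Usage: java KeystoreAudit conf/keystore
public class KeystoreAudit {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreAudit <keystore>  (run from a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays out of `ps` output.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: keytool's JKS format
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // throws IOException on a wrong password or a corrupt file
        }
        for (String alias : Collections.list(ks.aliases())) {
            // A certificate imported for a client shows up as a trusted-certificate entry;
            // the server's own key pair (keyAlias="tomcat" on this page) is a key entry.
            String kind = ks.isCertificateEntry(alias) ? "trusted cert" : "key entry";
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue; // nothing to report for this alias
            X509Certificate x = (X509Certificate) c;
            System.out.printf("%s [%s] %s%n  subject: %s%n  issuer:  %s%n  expires: %s%n  sha256:  %s%n",
                    alias, kind, validity(x), x.getSubjectX500Principal(),
                    x.getIssuerX500Principal(), x.getNotAfter(), sha256(x));
        }
    }

    // Checks the certificate's validity period against the current system time.
    static String validity(X509Certificate x) {
        try { x.checkValidity(); return "VALID"; }
        catch (CertificateExpiredException e) { return "EXPIRED"; }
        catch (CertificateNotYetValidException e) { return "NOT YET VALID"; }
    }

    // Upper-case hex SHA-256 over the DER encoding, for comparing entries between hosts.
    static String sha256(X509Certificate x) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(x.getEncoded())) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }
}
```

A client certificate entry that is missing, EXPIRED, or carries a different fingerprint on the test box than on the development box points to a keystore difference rather than a Tomcat configuration problem.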