Dear Sir or Madam:  I am Judge Dean M. Trafelet.  Your emails are improperly
being sent to my email address.  Please remove me from your list immediately.
DMT

----- Original Message -----
From: "lercoli" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Monday, May 02, 2005 10:31 AM
Subject: Re: Client Authentication



You should import only client.p12 certificate in IE browser and
when IE asks you in which folder you want to put it select Personal Folder.


I hope it helps you.

Luca Ercoli


----- Original Message -----
From: "Mahesh S Kudva" <[EMAIL PROTECTED]>
To: <tomcat-user@jakarta.apache.org>
Sent: Monday, May 02, 2005 5:08 PM
Subject: Client Authentication



Dear All

I've been able to set up Tomcat 5.0.30 successfully on port 8443. I want to
use client authentication. Hence I've enabled clientAuth=true in
server.xml


Running on Mac OS X these were the commands to create a CA and sign a
certificate using this CA.

Creating a new CA:
1) perl CA.pl -newca

Certificate request using openssl:
1) perl CA.pl -newreq
2) perl CA.pl -sign
3) mv newreq.pem client_req.pem
4) mv newcert.pem client_cert.pem
5) openssl rsa < client_req.pem > client_key.pem
6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out
   client.p12

For Tomcat using Java keytool to request certificate:
1) openssl x509 -in server_cert.pem -out server.x509
2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem
   -out server.p12
3) keytool -genkey -alias meAsClient -storepass changeit
4) keytool -certreq -alias measclient -file client.csr -storepass changeit
5) openssl x509 -req -CA demoCA/cacert.pem -CAkey
   demoCA/private/cakey.pem -extensions v3_ca -in client.csr -inform DER
   -out client_cert.x509 -CAcreateserial
6) keytool -import -alias butterflyCA -keystore /Syst.. ..urity/cacerts
   -file ../CA/demoCA/cacert.pem
7) keytool -import -alias measclient -keystore clientstore -trustcacerts
   -file client_cert.x509



Following these commands I don't get any errors. I then import the cacert.pem, the ROOT CA certificate and the client.p12 and client_cert.x509 to the browser I.E 6.0. But still there is a popup requesting the client's identity and it asks me to select a certificate and no certificates are displayed.

How can I go about this?


All suggestions and ideas are welcome.



Regards & Thanks
================
Mahesh S Kudva



-------------------------------------------------------
Robosoft Technologies - Partners in Product Development



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
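
Added example, not part of the thread or of Tomcat's documentation: a browser can only present a certificate for client authentication if it also holds the matching private key, so this shell sketch checks a bundle like client.p12 for a readable private key, a key that matches the certificate, and a chain to the CA certificate the server trusts. It assumes the openssl command line tool; the throwaway CA, subject names, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Subject names, file names and the password are constructed.

# build_demo_pki DIR: throwaway CA and client certificate, bundled as DIR/client.p12
build_demo_pki() (
  cd "$1" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
    -keyout ca_key.pem -out ca.csr 2>/dev/null || exit 1
  openssl x509 -req -in ca.csr -signkey ca_key.pem -days 1 \
    -extfile ca.ext -out cacert.pem 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Client" \
    -keyout client_key.pem -out client.csr 2>/dev/null || exit 1
  openssl x509 -req -in client.csr -CA cacert.pem -CAkey ca_key.pem -CAcreateserial \
    -days 1 -extfile client.ext -out client_cert.pem 2>/dev/null || exit 1
  openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem \
    -passout pass:changeit -out client.p12
)

# check_client_bundle P12 PASSWORD CACERT
# Returns 0 = usable, 1 = cannot open bundle, 2 = no private key inside,
# 3 = key does not match certificate, 4 = not a valid TLS client cert under CACERT.
check_client_bundle() {
  t=$(mktemp -d) || return 1
  rc=0
  (
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
      -out "$t/cert.pem" 2>/dev/null || exit 1
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
      -out "$t/key.pem" 2>/dev/null || true
    grep -q 'PRIVATE KEY' "$t/key.pem" 2>/dev/null || exit 2
    [ "$(openssl x509 -in "$t/cert.pem" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$t/key.pem" -pubout 2>/dev/null)" ] || exit 3
    openssl verify -purpose sslclient -CAfile "$3" "$t/cert.pem" >/dev/null 2>&1 || exit 4
  ) || rc=$?
  rm -rf "$t"   # the extracted key was written unencrypted; remove it
  return "$rc"
}

# Demo run in a scratch directory
demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
demo_rc=0
check_client_bundle "$demo_dir/client.p12" changeit "$demo_dir/cacert.pem" || demo_rc=$?
echo "check_client_bundle exit status: $demo_rc"
```

The CACERT argument should be the CA certificate that the server's trust store actually contains, since a client certificate issued by any other CA fails the last check.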