Hello all,
Sorry for the previous e-mail. %)
This theme was discussed about month ago. I tried to use what I've
found but I'm still having a problem...
I'm trying to do SSL client authentication with Tomcat 4.1.18 (clientAuth="true").
1. I've generated a client certificate using keytool:
keytool -genkey -alias tomcat-cl -keyalg RSA -keystore client.keystore
2. Then I created Certificate Signing Request:
keytool -certreq -keyalg RSA -alias tomcat-cl -file certreq.csr -keystore
client.keystore
3. I sent it to CA and got a signed certificate and CA Certificate.
4. I imported them to the client keystore:
keytool -import -alias root -keystore client.keystore -file cacert
keytool -import -alias tomcat-cl -keystore client.keystore -file usercert
5. I exported server certificate and imported it as a trusted to the
trusted keystore:
keytool -import -trustcacerts -alias tomcat -file server.cer -keystore trust.keystore
6. I imported CA Certificate to "\jre\lib\security\cacerts" :
keytool -import -file cacert -keystore %java_home%\jre\lib\security\cacerts
-storepass changeit
I'm running Tomcat and test client on the same machine.
Server keystore: %USERHOME%\.keystore
Client keystore: %USERHOME%\client.keystore
Client trusted keystore: %USERHOME%\trust.keystore
Test Client:
********************************************
import java.net.*;
import java.io.*;
import java.util.*;
import java.security.*;
import javax.net.ssl.*;
public class SimpleClient {
public static void main(String[] args) {
System.setProperty("javax.net.ssl.trustStore",
System.getProperty("user.home")+File.separator +"trust.keystore");
System.setProperty("javax.net.ssl.keyStore",
System.getProperty("user.home")+File.separator +"client.keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
InputStream is = null;
OutputStream os = new ByteArrayOutputStream();
try {
URL url = new URL("https://localhost:8443/readme.txt";);
try {
is = url.openStream();
byte[] buffer = new byte[4096];
int bytes_read;
while((bytes_read = is.read(buffer)) != -1)
os.write(buffer, 0, bytes_read);
System.out.println(os.toString());
} catch (Exception e) { e.printStackTrace(); }
finally {
try {
is.close();
os.close();
} catch (IOException e) { e.printStackTrace(); }
}
} catch (Exception e) { e.printStackTrace(); }
}
}
********************************************
With [clientAuth="false"] it works fine, but with [clientAuth="true"]
it gives an error:
java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
What did I do in a wrong way?
Thanks in advance.
Best regards,
Dmitry.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
