Hello all, Sorry for the previous e-mail. %)
This theme was discussed about month ago. I tried to use what I've found but I'm still having a problem... I'm trying to do SSL client authentication with Tomcat 4.1.18 (clientAuth="true"). 1. I've generated a client certificate using keytool: keytool -genkey -alias tomcat-cl -keyalg RSA -keystore client.keystore 2. Then I created Certificate Signing Request: keytool -certreq -keyalg RSA -alias tomcat-cl -file certreq.csr -keystore client.keystore 3. I sent it to CA and got a signed certificate and CA Certificate. 4. I imported them to the client keystore: keytool -import -alias root -keystore client.keystore -file cacert keytool -import -alias tomcat-cl -keystore client.keystore -file usercert 5. I exported server certificate and imported it as a trusted to the trusted keystore: keytool -import -trustcacerts -alias tomcat -file server.cer -keystore trust.keystore 6. I imported CA Certificate to "\jre\lib\security\cacerts" : keytool -import -file cacert -keystore %java_home%\jre\lib\security\cacerts -storepass changeit I'm running Tomcat and test client on the same machine. Server keystore: %USERHOME%\.keystore Client keystore: %USERHOME%\client.keystore Client trusted keystore: %USERHOME%\trust.keystore Test Client: ******************************************** import java.net.*; import java.io.*; import java.util.*; import java.security.*; import javax.net.ssl.*; public class SimpleClient { public static void main(String[] args) { System.setProperty("javax.net.ssl.trustStore", System.getProperty("user.home")+File.separator +"trust.keystore"); System.setProperty("javax.net.ssl.keyStore", System.getProperty("user.home")+File.separator +"client.keystore"); System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); InputStream is = null; OutputStream os = new ByteArrayOutputStream(); try { URL url = new URL("https://localhost:8443/readme.txt"); try { is = url.openStream(); byte[] buffer = new byte[4096]; int bytes_read; while((bytes_read = is.read(buffer)) != -1) os.write(buffer, 0, bytes_read); System.out.println(os.toString()); } catch (Exception e) { e.printStackTrace(); } finally { try { is.close(); os.close(); } catch (IOException e) { e.printStackTrace(); } } } catch (Exception e) { e.printStackTrace(); } } } ******************************************** With [clientAuth="false"] it works fine, but with [clientAuth="true"] it gives an error: java.net.SocketException: Software caused connection abort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:129) at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275) at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) What did I do in a wrong way? Thanks in advance. Best regards, Dmitry. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]