-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Vinoth,
On 8/15/17 11:42 AM, Vinoth Raja wrote: > clientAuth="true" Is not valid attribute for connector in tomcat > 8.5.15. I have tried setting certificateVerifucation as required > but application URL is not reachable and it was complaining about > certificate. Does the browser prompt for a certificate? If you use "openssl s_client -connect [hostname]:[port]" does the connection show that trusted certificates are presented? For example: $ openssl s_client -connect host:port CONNECTED(00000003) [server certificate] Acceptable client certificate CA names /CN=client-certificate1 /CN=client-certificate2 ... Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RS A+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+ SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RS A+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+ SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits - --- SSL handshake has read 2582 bytes and written 138 bytes - --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: [session key] Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1502814654 Timeout : 300 (sec) Verify return code: 10 (certificate has expired) - --- [DISCONNECT] In the above conversation, the server presents the list of acceptable client certificates to the client. Does that happen for you? > Can I set the truststore in SSLContext before making outbound call? > will it trust the client request. What outbound call? Tomcat only handles incoming HTTP/TLS connections. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlmTIpIACgkQHPApP6U8 pFga/g/8DIfIj6QoCQeMaMu3EoPJO2VjCHfCj11OoxXMkWr3NRlbXPkmtEYo6lQ6 qBeokSYok+OrLXlY6EM40ofq5rU/5kTzNf4kb116d5na8gz+9DoaVaDC5S+LNzjH dKSu2eQXSZA+6OHSo55mH0AGQ1dyY9sZlySCqEJpOSYZMx61lZLz3NjUZqZEZ1wH BYeLv1VXHhnB59oyEJNuSaUBlST7iinjfGya/T16/H61gQCV3Sz+aIkmv1IWT82A kVYK7UasYg119wKk/2lJskYqloULngGWIbdZo+BrGoSyvBs0BKipErgSBIKwVFVD KmTsXPzrftnSmvKuTJgI45QiEYLtWqzVsJof8q2oaGId+KnPJl+HiOAhvIXFaYg5 3zsZfi9JRZwJu59CYwew+UVX/+ogwMhjDMgCMsceaGaXqiTwni0T95s2GqSbbUwr HSwzXiyCHs7Kh8foWSmrDbrS0OZ1Rs3BvR2vhHMpmvjLxSMbtY0QwUK9arzmcRxJ +PWlUlAkZaILcwLo5GR1LVNZzx71l5gYcC8FHQZkeBTmH8Rzedvi5riu2g6suRC2 T37R0u1iZ7iQTWNH0jLCHZyOWwy1La0fD7t6er7oB3Rq1F+2njNw/gIkLwRWni3V YQo+KjoHP5v9ao7tA6Qjs76vqfnj9r1C7IplYeCEbecTnLNTF/w= =0zTG -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org