I am trying to get Client Authentication working with Tomcat 5.5. I have successfully got SSL working without Client Authentication.
This is what I have done so far.

Created a keystore with new certificate:

    keytool -genkey -alias mykey -keyalg RSA -keypass changeit -keystore keystore.jks -storepass changeit

Exported certificate:

    keytool -export -alias mykey -file mykey.cer -keystore keystore.jks -storepass changeit

Imported certificate into trust store:

    keytool -import -v -trustcacerts -alias mykey -keypass changeit -file mykey.cer -keystore cacerts.jks -storepass changeit

Added the following Connector into server.xml:

    <Connector port="443" scheme="https" secure="true"
               keystoreFile="C:/keystore.jks" keystorePass="changeit"
               keystoreType="JKS" keyAlias="mykey"
               truststoreFile="C:/cacerts.jks" truststorePass="changeit"
               truststoreType="JKS" sslProtocol="TLS"
               maxSpareThreads="75" maxThreads="350" uRIEncoding="UTF-8"
               minSpareThreads="25" clientAuth="true">
    </Connector>

Within the Firefox browser this gives the following error when going to url: https://<hostname>.<domain>

    "SSL peer cannot verify your certificate (Error code: ssl_error_bad_cert_alert)"

If I change clientAuth="true" to clientAuth="false" the default Tomcat webpage is displayed within the browser.

Have I missed something within the configuration, or do I need to do something different for the creation of the trust store certificate?

Thanks
Ron
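Added example, not part of the original message: with clientAuth="true" the server asks the client for a certificate backed by a private key and validates it against truststoreFile, so this sketch builds a separate client identity and checks that the trust store holds exactly that certificate. It assumes a current JDK keytool on PATH (using the newer command names -genkeypair, -exportcert and -importcert); the file names client.p12 and client.cer, the alias client, the DNs and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File names, aliases, DNs and the
# password are constructed sample values; assumes a current JDK keytool on PATH.
PASS=changeit

# Server identity for the Connector's keystoreFile (private key + certificate).
make_server_keystore() {  # $1 = output directory
  keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=server.example.test" -keystore "$1/keystore.jks" \
    -storetype JKS -storepass "$PASS" -keypass "$PASS"
}

# Client identity: a separate key pair in PKCS#12 form, which is the file the
# browser imports. Only its certificate (client.cer) is handed to the server.
make_client_identity() {  # $1 = output directory
  keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=Test Client" -keystore "$1/client.p12" \
    -storetype PKCS12 -storepass "$PASS" -keypass "$PASS" &&
  keytool -exportcert -alias client -file "$1/client.cer" \
    -keystore "$1/client.p12" -storetype PKCS12 -storepass "$PASS"
}

# Trust store for the Connector's truststoreFile: holds the client certificate.
make_truststore() {  # $1 = output directory
  keytool -importcert -noprompt -alias client -file "$1/client.cer" \
    -keystore "$1/cacerts.jks" -storetype JKS -storepass "$PASS"
}

# Print the PEM certificate stored under an alias. $1=store $2=type $3=alias
pem_of() {
  keytool -exportcert -rfc -alias "$3" -keystore "$1" -storetype "$2" \
    -storepass "$PASS" 2>/dev/null
}

# Print the keytool listing for an alias. $1=store $2=type $3=alias
entry_of() {
  keytool -list -alias "$3" -keystore "$1" -storetype "$2" \
    -storepass "$PASS" 2>/dev/null
}

# Succeeds only when client.p12 holds a private key and cacerts.jks trusts
# exactly that certificate; otherwise the server has no basis to accept it.
check_client_trusted() {  # $1 = directory with client.p12 and cacerts.jks
  entry_of "$1/client.p12" PKCS12 client | grep -q PrivateKeyEntry || return 1
  entry_of "$1/cacerts.jks" JKS client | grep -q trustedCertEntry || return 1
  [ "$(pem_of "$1/client.p12" PKCS12 client)" = "$(pem_of "$1/cacerts.jks" JKS client)" ]
}
```

Run the three make_* functions against an empty directory, then check_client_trusted on it; client.p12 is the file imported into the browser's certificate store, and only cacerts.jks and keystore.jks go to the server.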