Did you finally figure out how to fix this issue? I am having the same issue today. Can you please help, if you happen to look at this? The only change is I am using Tomcat 6.0.
Thanks much.
-A

Ron Perkins-2 wrote:
>
> Hi All,
>
> I have done the following to create a Trust Store for Tomcat to use:
>
> Created a keystore with new certificate:
>
> keytool -genkey -alias mycert -keyalg RSA -keypass changeit -keystore keystore.jks -storepass changeit
>
> Exported certificate:
>
> keytool -export -alias mycert -file mycert.cer -keystore keystore.jks -storepass changeit
>
> Imported certificate into trust store:
>
> keytool -import -v -trustcacerts -alias mycert -keypass changeit -file mycert.cer -keystore cacerts.jks -storepass changeit
>
> Added the following Connector into server.xml to allow Client
> Authentication:
>
> <Connector
>     port="443"
>     scheme="https"
>     secure="true"
>     keystoreFile="C:/keystore.jks"
>     keystorePass="changeit"
>     keystoreType="JKS"
>     keyAlias="mykey"
>     truststoreFile="C:/cacerts.jks"
>     truststorePass="changeit"
>     truststoreType="JKS"
>     sslProtocol="TLS"
>     maxSpareThreads="75"
>     maxThreads="350"
>     uRIEncoding="UTF-8"
>     minSpareThreads="25"
>     clientAuth="true">
> </Connector>
>
> After starting Tomcat up, using netstat I can see that port 443 is
> listening...
>
> When using IE to test the connection to the https default page I get
> IE's no communication web page displayed. If I use Firefox this gives
> me the following error: SSL peer cannot verify your certificate (Error
> code: ssl_error_bad_cert_alert)
>
> I was expecting a message to say that the client needs a client
> certificate? I then installed the client certificate mycert.cer into
> the client browsers, but this has no effect and I still receive the same
> error messages.
>
> To check that I have SSL correctly installed, if I change
> clientAuth="true" to clientAuth="false" then the default Tomcat webpage is
> displayed within the browsers.
>
> What have I done wrong? I am thinking that it is the way that I have
> created the Trust store that is the problem?
>
> Thanks for any help in advance...
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

--
View this message in context: http://old.nabble.com/Tomcat-5.5-Trust-Stores-and-Client-Authentication-tp23132214p29486541.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
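
A diagnostic for the setup described in the quoted message, added here as an example and not part of the original thread or of Tomcat: it loads the two JKS files the Connector points at and reports which entries carry a private key, whether the configured keyAlias exists, and whether each keystore certificate is present in the trust store. The class name StoreCheck and the argument order are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example (hypothetical class name and argument order).
// Usage: java StoreCheck keystore.jks <storepass> <keyAlias> cacerts.jks <storepass>
public class StoreCheck {

    // Load a JKS file, matching keystoreType="JKS" / truststoreType="JKS" in the Connector.
    static KeyStore load(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: StoreCheck <keystore> <pass> <keyAlias> <truststore> <pass>");
            System.exit(2);
        }
        KeyStore keys = load(args[0], args[1]);
        KeyStore trust = load(args[3], args[4]);

        // Every keystore entry: does it hold a private key, and under which
        // alias (null means "not found") is its certificate in the trust store?
        for (String alias : Collections.list(keys.aliases())) {
            Certificate cert = keys.getCertificate(alias);
            String trustedAs = (cert == null) ? null : trust.getCertificateAlias(cert);
            System.out.printf("keystore   %-10s privateKey=%-5b trustedAs=%s%n",
                    alias, keys.isKeyEntry(alias), trustedAs);
        }

        // The Connector's keyAlias must name an entry that carries a private key.
        System.out.printf("keyAlias   %-10s exists=%b privateKey=%b%n",
                args[2], keys.containsAlias(args[2]), keys.isKeyEntry(args[2]));

        // Trust store entries are what presented client certificates are validated against.
        for (String alias : Collections.list(trust.aliases())) {
            System.out.printf("truststore %-10s certificateOnly=%b%n",
                    alias, trust.isCertificateEntry(alias));
        }
    }
}
```

An entry reported with privateKey=false, like an exported .cer file, holds only a public certificate and cannot act as an identity in a TLS handshake.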