Nedim,

The clientAuth attribute signals that you want users to have a valid certificate, so I assume your client doesn't have one or the one it has is invalid.

Tomcat 5.5 HTTP Connector configuration:
http://tomcat.apache.org/tomcat-5.5-doc/config/http.html

HTH,
A-

On 6/30/09 7:36 AM, "Nedim Ozan Tekin" <[email protected]> wrote:

> I want to try to use ClientAuthentication in CAS.
> My server.xml is
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
>            clientAuth="true" sslProtocol="TLS"
>            keystoreFile="/portalkeystore/keystore"
>            keystorePass="changeit"
>            truststoreFile="/mms/java/jdk1.5.0_18/jre/lib/security/cacerts"
>            truststorePass="changeit"
> />
>
> With clientAuth="false" everything is OK.
>
> But when I change to clientAuth="true", the browsers open a window to select
> a client cert, I choose one and the portal home page comes up, but
> simultaneously it gives the error below.
>
> 14:54:20,892 ERROR [STDERR] javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
> 14:54:20,894 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> 14:54:20,894 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
> 14:54:20,895 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1650)
> 14:54:20,896 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
> 14:54:20,896 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1428)
> 14:54:20,896 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
> 14:54:20,897 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:591)
> 14:54:20,897 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:698)
> 14:54:20,897 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:624)
> 14:54:20,898 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
> 14:54:20,898 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> 14:54:20,899 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> 14:54:20,899 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
> 14:54:20,900 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
> 14:54:20,900 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
> 14:54:20,900 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
> 14:54:20,901 ERROR [STDERR] at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
> 14:54:20,901 ERROR [STDERR] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> 14:54:20,902 ERROR [STDERR] at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:949)
> 14:54:20,902 ERROR [STDERR] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> 14:54:20,902 ERROR [STDERR] at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:52)
> 14:54:20,903 ERROR [STDERR] at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:138)
> 14:54:20,903 ERROR [STDERR] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> 14:54:20,904 ERROR [STDERR] at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.getAuthenticatedUser(CASAuthenticationValve.java:272)
> 14:54:20,904 ERROR [STDERR] at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.invoke(CASAuthenticationValve.java:208)
> 14:54:20,905 ERROR [STDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
> 14:54:20,905 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> 14:54:20,906 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> 14:54:20,906 ERROR [STDERR] at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
> 14:54:20,907 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 14:54:20,907 ERROR [STDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
> 14:54:20,907 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 14:54:20,908 ERROR [STDERR] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> 14:54:20,908 ERROR [STDERR] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
> 14:54:20,909 ERROR [STDERR] at java.lang.Thread.run(Thread.java:595)
>
> What does this problem mean?
>
> In the SecureURL class there is a method named retrieve. In this method a
> connection is created, but there is no cert around. It may be the problem?
> So how can I obtain my x509 certs in secure url?
>
> Or any other solution that you know? Please help me
>

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
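
Added example, not part of the original thread and not CAS or JBoss code: the trace above is a client-side handshake started from SecureURL.retrieve, so the JVM making that call is the TLS client that has to present a certificate. The sketch below makes the same kind of HttpsURLConnection request with an explicit client keystore; the class name ClientCertProbe and all five arguments are assumptions, and the code is kept Java 5 compatible to match the JDK in the quoted paths.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical probe class: checks that a keystore is accepted by a clientAuth="true" connector.
public class ClientCertProbe {

    // Load a JKS keystore from disk (no try-with-resources, so it compiles on Java 5).
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, pass);
        } finally {
            in.close();
        }
        return ks;
    }

    // Key managers supply the client certificate; trust managers verify the server's.
    static SSLContext context(KeyStore identity, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: <clientKeystore> <keystorePass> <truststore> <truststorePass> <https URL>
    // Passwords as arguments are acceptable for a one-off local check only.
    public static void main(String[] args) throws Exception {
        KeyStore identity = load(args[0], args[1].toCharArray());
        KeyStore trust = load(args[2], args[3].toCharArray());
        SSLContext ctx = context(identity, args[1].toCharArray(), trust);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[4]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // With no usable client key this throws SSLHandshakeException, as in the trace above.
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Code that calls a plain URL.openConnection() uses the JVM's default socket factory, which takes its client key from the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties. Either way, the client certificate must chain to a CA present in the connector's truststoreFile.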
