Hi,

I have configured Apache with SSL using a self-signed certificate, and then 
generated a client certificate from the server certificate.  With 
SSLVerifyClient set to 'require', I can get to DSpace only from a browser 
with the client certificate installed.  So it works!

But getting DSpace to recognize the certificate is my problem. When I try 
to log in with the certificate, at https://myserver/jspui/certificate-login, 
I get the message: 'You do not seem to have a valid Web certificate.'   I 
am running Apache 2.4.18, Apache Tomcat/8.5.15, and DSpace 6.1 on Ubuntu 
16.04.

In my Apache conf, I have SSLOptions StdEnvVars ExportCertData.

I loaded my client.crt certificate into the Tomcat keystore, following the 
directions in https://wiki.duraspace.org/display/DSDOC6x/Installing+DSpace:

Optional – ONLY if you need to accept client certificates for the X.509 
certificate stackable authentication module. See the configuration section 
for instructions on enabling the X.509 authentication method. Load the 
keystore with the CA (certifying authority) certificates for the 
authorities of any clients whose certificates you wish to accept. For 
example, assuming the client CA certificate is in *client1.pem*:


$JAVA_HOME/bin/keytool -import -noprompt -storepass changeit \
    -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias client1 \
    -file client1.pem

I have set authentication.cfg so it includes X509 authentication:

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication,org.dspace.authenticate.X509Authentication

I have set authentication-x509.cfg to include the keystore and password:

authentication-x509.keystore.path = /opt/tomcat/conf/keystore
authentication-x509.keystore.password = changeit

What am I missing?

Thanks,
Paul
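
The installation step quoted in the message imports the CA certificate that issued the client certificates, which is a different file from a client certificate. The following is an added example, not part of the original message or of the DSpace documentation: it uses openssl to tell a CA certificate from a client certificate and to confirm that a client certificate chains to a given CA file before that file is imported. All keys, subjects, file names and function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, subject and file name below is made up.
set -eu

# Return 0 if certificate $2 verifies against the trust anchor in $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print "ca" if $1 is self-issued (subject == issuer), otherwise "leaf".
cert_role() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject_hash)
    iss=$(openssl x509 -in "$1" -noout -issuer_hash)
    if [ "$subj" = "$iss" ]; then echo ca; else echo leaf; fi
}

# Build a throwaway self-signed CA and one client certificate in directory $1.
make_demo_pki() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Client CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/client.crt" 2>/dev/null
}

demo() {
    local d
    d=$(mktemp -d)
    make_demo_pki "$d"
    echo "ca.pem     -> $(cert_role "$d/ca.pem")"      # the file a trust store needs
    echo "client.crt -> $(cert_role "$d/client.crt")"  # the file the browser holds
    if chains_to "$d/ca.pem" "$d/client.crt"; then
        echo "client.crt chains to ca.pem"
    fi
    rm -rf "$d"
}

demo
```

Run against real files, `cert_role` and `chains_to` show whether the PEM about to be passed to `keytool -import -trustcacerts` is the issuer of the client certificate.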


