R: Client certificate authentication

Tue, 03 Oct 2000 01:04:46 -0700 

I can help you partially. I had the same 403 Forbidden problem and I'm
waiting for a response from official support (5 days).
For the Cert ID use the sample page ssl-user-registration.jsp in demo SSL.
It will show the cert id you are looking for.
If you solve the 403 problem tell me.

���`����,��,����`�������`����,��,����`�����
Luciano Montebove - Software Architect - Finsiel S.p.a
E-mail: [EMAIL PROTECTED]  Phone:  (+39) 06-4142-7663
"If you don't fail now and again, it's a sign you're playing it safe"
-W. Allen
���`����,��,����`�������`����,��,����`�����



-----Messaggio originale-----
Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
Inviato: luned� 2 ottobre 2000 14.57
A: Orion-Interest
Oggetto: Client certificate authentication


Hi

I need to authenticate clients with digital certificates, I have a VeriSign
trial client certificate and I'm using IE 5.0. The certificate is well
installed in IE.
I'm working with Orion 1.2.9 and HTTPS. I'm using
<auth-method>CLIENT-CERT</auth-method> in de login config of WEB.XML file.
When I connect to the WEB site I see the follow error:
403 Forbidden
Your cert's user does not have access to this resource

Please, anybody could help me about this?

Note: In the PRINCIPAL.XML file when I set the user that has a certificate I
do the follow:

                <user username="A name here">
                        <description>no description</description>
                        <certificate-issuer>CN = VeriSign Class 1 CA
Individual Subscriber-Persona Not Validated, OU =
www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98, OU = VeriSign
Trust Network, O = VeriSign, Inc.</certificate-issuer>
                        <certificate-serial-id>I don't
know</certificate-serial-id>
                        <group-membership group="users"/>
                        <group-membership group="guests"/>
                </user>

In <certificate-serial-id>  tag I've an hexa number and when I put this
serial number in it, the Orion throws the follow exception:
java.lang.NumberFormatException: 297D6F02EA75C1
        at java.lang.Long.parseLong(Unknown Source)
        at java.math.BigInteger.<init>(Unknown Source)
        at java.math.BigInteger.<init>(Unknown Source)
        at com.evermind.server.gs.<init>(JAX)
        at com.evermind.server.XMLUserManager.ajf(JAX)
        at com.evermind.server.XMLUserManager.ajd(JAX)
        at com.evermind.server.XMLUserManager.bw(JAX)
        at com.evermind.xml.XMLConfig.br(JAX)
        at com.evermind.xml.XMLConfig.ax(JAX)
        at com.evermind.xml.XMLConfig.ax(JAX)
        at com.evermind.xml.XMLConfig.update(JAX)
        at com.evermind.server.gw.run(JAX)
        at com.evermind.util.g.run(JAX)
        at com.evermind.util.f.run(JAX)

What serial number I must to put in this tag?

Thanks, Esteban

Reply via email to