RE: Unable to get client authentication working in tomcat 6
Chuck, you are brilliant! Renamed tcnative-1.dll and it works. Thanks for the info on the APR connector. I'll look into that as well. Paul -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, March 23, 2010 8:54 AM To: Tomcat Users List Subject: RE: Unable to get client authentication working in tomcat 6 > From: Dobson, Paul L CTR USAF AFMC 416 SCMS/OBN > [mailto:paul.dob...@hill.af.mil] > Subject: Unable to get client authentication working in tomcat 6 > > I have a tomcat 5 installation that uses client authentication. I am > trying to upgrade to Tomcat 6.0.24 and I am not able to get the client > authentication to work. You appear to have enabled the native APR connector, which uses OpenSSL, not JSSE. > This is the section from my server.xml file that sets up the client > authentication: > > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" disableUploadTimeout="true" acceptCount="100" > scheme="https" secure="true" > keystoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\keystore" > truststoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\truststore" > clientAuth="true" sslProtocol="TLS" /> The above is for the Java-based connector. The easiest thing would be to disable the APR code by deleting or renaming tcnative-1.dll in Tomcat's bin directory. If you decide you want to use the APR SSL code (it's faster), the doc is here: http://tomcat.apache.org/tomcat-6.0-doc/apr.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Unable to get client authentication working in tomcat 6
I have a tomcat 5 installation that uses client authentication. I am trying to upgrade to Tomcat 6.0.24 and I am not able to get the client authentication to work. I am using the same keystore and truststore files. I am also configuring the SSL port 8443 using what I believe are the same parameters. When trying to access the site, I simply get a continual hourglass until the browser times out. I have included what I think are relevant sections from my server.xml file and log files. Any suggestions are greatly appreciated! These are parts of catalila-xx-xx.log: SEVERE: Error initializing endpoint java.lang.Exception: No Certificate file specified or invalid file format at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method) at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:720) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:1 07) at org.apache.catalina.connector.Connector.initialize(Connector.java:1007) at org.apache.catalina.core.StandardService.initialize(StandardService.java :677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:7 95) at org.apache.catalina.startup.Catalina.load(Catalina.java:540) at org.apache.catalina.startup.Catalina.load(Catalina.java:560) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Mar 17, 2010 3:03:29 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format at org.apache.catalina.connector.Connector.initialize(Connector.java:1009) at org.apache.catalina.core.StandardService.initialize(StandardService.java :677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:7 95) at org.apache.catalina.startup.Catalina.load(Catalina.java:540) at org.apache.catalina.startup.Catalina.load(Catalina.java:560) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Mar 17, 2010 3:03:29 PM org.apache.catalina.startup.Catalina load This is the section from my server.xml file that sets up the client authentication: Thanks much!!! Paul Dobson