Thanks guys -

Got the configs and logging worked out.  Your help appreciated.  Still
stuck on getting the .pfx out of the client.keystore.  Trying java
forums on that front.  If anyone interested in the solution let me know
and I'll fill you in when I get it worked out.

- wjs

 

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Saturday, March 05, 2005 3:27 PM
To: tomcat-user@jakarta.apache.org
Subject: [QUAR]Re: Tomcat5 and Client Certificates


"Jason Bainbridge" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Fri, 4 Mar 2005 06:54:34 -0800, Sweeney, Bill 
> <[EMAIL PROTECTED]>
> wrote:
>> Hello TC5 Users -
>> I used %java-home%/bin/keytool to build the certificate store and the
>> server and client certificates (self-signed).  Tomcat asks for the 
>> client certificate when I try and connect, but - here is the problem:
>>
>> (1) I can't seem to get the client key to export properly so that I 
>> can install it in the browser; how do I get a .pfx out of the
>> keystore?
>
> I think you are going to have to use openssl to convert the file after
> exporting it, http://www.mindreef.com/products/4.1/help/sslcerts.html
> has a little info on that but the reverse. I'm sure there are better 
> resources but that was the first Google I saw.
>
>> (2) How can I validate which certificate store is being used by
>> tomcat?
>> (I made a few along the way in testing)
>
> There is a parameter (keyStoreFile?) that you can specify the location
> in the Connector properties it's detailed in one of those links you 
> have.

The one you want is: truststoreFile.

>
>> (3) I set debug="3" in the SSL connector but am not seeing the SSL 
>> handshake in stdout.  Is there some other way for setting debug to 
>> see the handshake?
>
> Not sure on that one.

Configure the logging category 'org.apache.tomcat.util.net.jsse' to be
DEBUG (in your log4j/JDK 1.4 logging configuration).  That will give you
lots of Tomcat messages.  If you want lower level messages, consult the
JSSE docs.

>
> Regards,
> -- 
> Jason Bainbridge
> http://kde.org - [EMAIL PROTECTED]
> Personal Site - http://jasonbainbridge.com 




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

