Re: Tomcat SSL mutual authentication: Nobody's got a clue?

2003-03-28 Thread Reinhard Moosauer
Hi,

When Internet Explorer prompts you with the list of certificates to send to 
the server, it checks KeyUsage of the certs in your keystore.
If the list is empty, it means you have no usable cert.

How do you generate your certs? If you use openssl, please consult
openssl.txt in the docs. KeyUsage is explained there.
The behavior depends on the version of IE and Windows.

Certs from a trustcenter are very restricted with respect to usage. An email cert 
may be usable only for email, and nothing more. Same for file encryption 
(EFS), code signature and authentication, ...
Non-Repudiation could be the KeyUsage you need. But I don't know.
Take care: the KeyUsage of the CA-cert is sometimes also checked. Not talking 
about CRLs.

With a Win2000 CA you have to choose the right profile when requesting the 
cert.

This is definitely the wrong list to get deeper insight into certificates. But 
I am also not sure what the right place would be... 
openssl could be a good idea.

With this program you can generate test certs for any usage:
http://sourceforge.net/projects/myca
(Usable with Linux and cygwin. It's based on openssl)

Sometimes it is useful to test it with another browser. 

hope that helps,

Reinhard

On Tuesday, 25 March 2003 23:53, [EMAIL PROTECTED] wrote:
 Thanks, but I have read that documentation many times.

 That documentation tells us how to run Tomcat in SSL mode.  And as I
 mentioned in the previous message, I know how to do that.

 What I want is mutual authentication, that is,

 1. The Web server authenticates itself by sending its certificate to the
 client.  (This is what the doc talks about)

 2. The client authenticates itself by sending its certificate to the Web
 server.  (This is not mentioned in that documentation, and is what I want
 to do)

 Bill Barker [EMAIL PROTECTED] wrote:
 http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
 
 - Original Message -

 From: [EMAIL PROTECTED]

 To: Tomcat Developers List [EMAIL PROTECTED]
 Sent: Tuesday, March 25, 2003 1:44 PM
 Subject: Tomcat SSL mutual authentication: Nobody's got a clue?
 
  I want to configure Tomcat SSL for mutual authentication.  And I've been
  exploring this for a while.
 
  If tomcat-users don't know this, tomcat-developers also get no clue?
 
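The KeyUsage point in Reinhard's reply can be checked with openssl itself. The following is an added example, not part of the original thread and not taken from the myca project: it builds a throwaway CA and three test client certs (all section names and subjects are constructed) and asks OpenSSL's `sslclient` purpose check which ones it would accept. It shows OpenSSL's rules only; what a given IE/Windows version filters on is not modelled here.

```shell
# Added example: throwaway CA plus three client certs that differ only in
# KeyUsage / ExtendedKeyUsage. All names and subjects are constructed.
make_demo_pki() {   # $1 = empty working directory
    cat > "$1/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Demo Test CA
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ client_ok ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
[ email_only ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection
[ nonrep_only ]
basicConstraints = CA:FALSE
keyUsage = critical, nonRepudiation
EOF
    openssl req -x509 -config "$1/demo.cnf" -extensions ca_ext -newkey rsa:2048 \
        -nodes -days 1 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    for name in client_ok email_only nonrep_only; do
        openssl req -new -config "$1/demo.cnf" -subj "/CN=$name" -newkey rsa:2048 \
            -nodes -keyout "$1/$name.key" -out "$1/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$1/$name.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
            -CAcreateserial -days 1 -extfile "$1/demo.cnf" -extensions "$name" \
            -out "$1/$name.crt" 2>/dev/null || return 1
    done
}

# Succeeds only if the chain verifies AND the leaf passes OpenSSL's
# "sslclient" purpose check (KeyUsage and ExtendedKeyUsage are both examined).
usable_for_client_auth() {   # $1 = CA cert, $2 = client cert
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || echo "openssl failed to build the demo PKI" >&2
for name in client_ok email_only nonrep_only; do
    if usable_for_client_auth "$demo_dir/ca.crt" "$demo_dir/$name.crt"
    then echo "$name: accepted for TLS client auth"
    else echo "$name: rejected for TLS client auth"
    fi
done
```

The same `openssl verify -purpose sslclient` call can be pointed at an existing client cert and its issuing CA to see whether its usage extensions rule it out before looking at the server side.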



Tomcat SSL mutual authentication: Nobody's got a clue?

2003-03-25 Thread choreson
I want to configure Tomcat SSL for mutual authentication.  And I've been exploring this 
for a while.

If tomcat-users don't know this, tomcat-developers also get no clue?




Re: Tomcat SSL mutual authentication: Nobody's got a clue?

2003-03-25 Thread Bill Barker
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 1:44 PM
Subject: Tomcat SSL mutual authentication: Nobody's got a clue?


 I want to configure Tomcat SSL for mutual authentication.  And I've been
 exploring this for a while.

 If tomcat-users don't know this, tomcat-developers also get no clue?




Re: Tomcat SSL mutual authentication: Nobody's got a clue?

2003-03-25 Thread choreson
Thanks, but I have read that documentation many times.

That documentation tells us how to run Tomcat in SSL mode.  And as I mentioned in the 
previous message, I know how to do that.

What I want is mutual authentication, that is, 

1. The Web server authenticates itself by sending its certificate to the client.  
(This is what the doc talks about)

2. The client authenticates itself by sending its certificate to the Web server.  
(This is not mentioned in that documentation, and is what I want to do)


Bill Barker [EMAIL PROTECTED] wrote:

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 1:44 PM
Subject: Tomcat SSL mutual authentication: Nobody's got a clue?


 I want to configure Tomcat SSL for mutual authentication.  And I've been
 exploring this for a while.

 If tomcat-users don't know this, tomcat-developers also get no clue?
