Hello,

I have a cert importation problem. Here is the output of an OpenSSL command
(openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state):

    Enter PEM pass phrase:
    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL3 alert read:fatal:handshake failure
    SSL_connect:error in SSLv2/v3 read server hello A
    1993:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:

Can someone help me? Is there a way to make it work without installing Apache?

Thanks for your answer.

I have this Tomcat configuration:

    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
        <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
        <Parameter name="port" value="8443"/>
        <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
        <Parameter name="keystore" value="/opt/tomcat-3-2-2/tomcat/conf/keystore" />
        <Parameter name="keypass" value="pwd_sr" />
        <Parameter name="clientAuth" value="true" />
    </Connector>

And these are all the lines of the procedure I entered to make it work:

    mkdir ./demoCA
    echo "" > ./demoCA/index.txt
    echo "01" > ./demoCA/serial

    # CA
    openssl req -new -out ca_req.pem -keyout ca_key.pem
    #pwd:pwd_ca
    #challenge_pwd:ch_ca
    #company name:THE_ORG

    # CLIENT
    openssl req -new -out cl_req.pem -keyout cl_key.pem
    #pwd:pwd_cl
    #ch_pwd:ch_cl
    #company name:THE_ORG

    # SERVER
    openssl req -new -out sr_req.pem -keyout sr_key.pem
    #pwd:pwd_sr
    #ch_pwd:ch_sr
    #company name:THE_ORG

    # CA AUTH
    echo "CA AUTH : enter CA password"
    openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem
    #pwd:pwd_ca

    rm ./demoCA/index.txt
    rm ./demoCA/serial
    cat "" > ./demoCA/index.txt
    cat "01" > ./demoCA/serial

    # CLIENT AUTH BY CA
    echo "CL AUTH : enter CA password"
    openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
    #pwd:pwd_ca

    # SERVER AUTH BY CA
    echo "SR AUTH : enter CA password"
    openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
    #pwd:pwd_ca

    # CONVERT SERVER AUTH FROM PEM FORMAT TO DER FORMAT
    openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der

    # REMOVE PREVIOUS KEYSTORE
    rm /opt/tomcat-3-2-2/tomcat/conf/keystore

    # IMPORT SERVER CERT IN TOMCAT KEYSTORE
    echo "IMPORT SR CERT : enter SR password"
    /usr/java/jdk1.3/bin/keytool -import -v -trustcacerts -alias tomcat -file sr_cert.der -keystore /opt/tomcat-3-2-2/tomcat/conf/keystore
    #pwd:pwd_sr

    # CONVERTING CLIENT CERT INTO NETSCAPE PKCS12 FORMAT
    echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd"
    openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out cl_cert.p12
    #pwd:pwd_cl
    #exp_pwd:pwd_cl

    # CONNECTION TO THE TOMCAT SERVER
    openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state
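
A check on the keystore this procedure builds, as an added example that is not part of the original post: `keytool -import` of a certificate under a new alias creates a trusted-certificate entry, while a TLS server needs a key entry (private key plus certificate) to complete a handshake. The sample listings are constructed, and the entry-type labels assume the usual `keytool -list` output format (older JDKs print `keyEntry`, newer ones `PrivateKeyEntry`).

```shell
#!/bin/sh
# Added example, not part of the original post.
# Reads `keytool -list` output on stdin and reports whether an alias holds
# a private key (needed by a TLS server) or only a trusted certificate.

# Print "alias<TAB>entryType" for every entry line.
# Entry lines look like: "<alias>, <date>, <entryType>,"
list_entries() {
    awk -F', *' '/(keyEntry|PrivateKeyEntry|trustedCertEntry),? *$/ {
        type = $NF
        if (type == "") type = $(NF - 1)   # trailing comma leaves an empty last field
        print $1 "\t" type
    }'
}

# Exit status: 0 = alias $1 is a key entry, 1 = certificate only, 2 = alias not found.
alias_has_private_key() {
    etype=$(list_entries | awk -F'\t' -v a="$1" '$1 == a { print $2; exit }')
    case "$etype" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        trustedCertEntry)         return 1 ;;
        *)                        return 2 ;;
    esac
}

# Constructed sample listings (dates and fingerprints are placeholders).
SAMPLE_CERT_ONLY='Keystore type: jks

Your keystore contains 1 entry

tomcat, Jun 11, 2001, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

SAMPLE_WITH_KEY='Keystore type: jks

Your keystore contains 2 entries

ca, Jun 11, 2001, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
tomcat, Jun 11, 2001, keyEntry,
Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'

# Real use (keystore path taken from the post):
#   keytool -list -keystore /opt/tomcat-3-2-2/tomcat/conf/keystore | alias_has_private_key tomcat
for s in "$SAMPLE_CERT_ONLY" "$SAMPLE_WITH_KEY"; do
    rc=0; printf '%s\n' "$s" | alias_has_private_key tomcat || rc=$?
    echo "tomcat alias check -> $rc"
done
```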