Unable to get client authentication working in tomcat 6
I have a tomcat 5 installation that uses client authentication. I am trying to upgrade to Tomcat 6.0.24 and I am not able to get the client authentication to work. I am using the same keystore and truststore files. I am also configuring the SSL port 8443 using what I believe are the same parameters. When trying to access the site, I simply get a continual hourglass until the browser times out. I have included what I think are relevant sections from my server.xml file and log files. Any suggestions are greatly appreciated!

These are parts of catalina-xx-xx.log:

    SEVERE: Error initializing endpoint
    java.lang.Exception: No Certificate file specified or invalid file format
        at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:720)
        at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1007)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:540)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:560)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
    Mar 17, 2010 3:03:29 PM org.apache.catalina.startup.Catalina load
    SEVERE: Catalina.start
    LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1009)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:540)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:560)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
    Mar 17, 2010 3:03:29 PM org.apache.catalina.startup.Catalina load

This is the section from my server.xml file that sets up the client authentication:

    <Connector port="8443" SSLEnabled="true"
               maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               keystoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\keystore"
               truststoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\truststore"
               clientAuth="true" sslProtocol="TLS" />

Thanks much!!!

Paul Dobson
RE: Unable to get client authentication working in tomcat 6
Chuck, you are brilliant! Renamed tcnative-1.dll and it works. Thanks for the info on the APR connector. I'll look into that as well.

Paul

-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, March 23, 2010 8:54 AM
To: Tomcat Users List
Subject: RE: Unable to get client authentication working in tomcat 6

> From: Dobson, Paul L CTR USAF AFMC 416 SCMS/OBN [mailto:paul.dob...@hill.af.mil]
> Subject: Unable to get client authentication working in tomcat 6
>
> I have a tomcat 5 installation that uses client authentication. I am trying to upgrade to Tomcat 6.0.24 and I am not able to get the client authentication to work.

You appear to have enabled the native APR connector, which uses OpenSSL, not JSSE.

> This is the section from my server.xml file that sets up the client authentication:
>
>     <Connector port="8443" SSLEnabled="true"
>                maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                keystoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\keystore"
>                truststoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\truststore"
>                clientAuth="true" sslProtocol="TLS" />

The above is for the Java-based connector. The easiest thing would be to disable the APR code by deleting or renaming tcnative-1.dll in Tomcat's bin directory. If you decide you want to use the APR SSL code (it's faster), the doc is here:
http://tomcat.apache.org/tomcat-6.0-doc/apr.html

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
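
An added example, not part of the original thread: the two server.xml alternatives the reply describes, written out so client-certificate authentication is configured with the attribute family that matches the connector actually loaded. Only one of the two belongs in server.xml; the PEM paths in Option B are placeholders and assume the server certificate, key and client CA have been exported from the keystore and truststore.

```xml
<!-- Option A: keep the JSSE keystore/truststore attributes and pin the
     Java connector explicitly, so Tomcat does not select the APR
     connector just because tcnative-1.dll is present in bin. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\keystore"
           truststoreFile="C:\Progra~1\apache-tomcat-6.0.24\SSL\truststore"
           clientAuth="true" sslProtocol="TLS" />

<!-- Option B: use the APR/OpenSSL connector. It ignores keystoreFile and
     truststoreFile and reads PEM files instead, which is why the log shows
     "No Certificate file specified" for the configuration in the thread.
     SSLVerifyClient="require" is the APR counterpart of clientAuth="true".
     All three file paths below are placeholders. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="C:\path\to\server-cert.pem"
           SSLCertificateKeyFile="C:\path\to\server-key.pem"
           SSLCACertificateFile="C:\path\to\client-ca.pem"
           SSLVerifyClient="require" />
```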