Hi,

> Whenever I try to set the parameter clientAuth="true" in the server.xml to
> accept client certificate from the user, after restarting Tomcat starts up
> well, but then I get 'Cannot find server' error when I try to access the
> https sites. But the http sites work perfectly.
> But when this parameter is set to 'false' https and http both work
> perfectly, though the client is not asked for a certificate.
> The server certificate I am using has been generated by keytool.
> The client certificate is a third party one.
> I am using Tomcat standalone version 4.0.1 with jdk1.3.1
> I have downloaded the jsse1.0.2 and put the 3 jar files in the jdk ext path.
> Any pointer will be really helpful.

We're using client auth in our application and here's how we got it
working (Linux 2.4/Windows NT/Windows 2000, Sun JDK 1.3.1_02/IBM JDK 1.3):

- The key store used when validating client certs against CA certs is
JAVA_HOME/jre/lib/security/cacerts
- Delete all unwanted CA certs from this keystore (usually all of them).
- Add the required CA certs.
- Client auth should now work fine.

This solution has the problem that it affects all Java programs using
JSSE. That's not an issue in our environment, but it may be in yours.
Maybe an SSL specialist knows a little more about this (Erik?). BTW, I
didn't see anything about this in the docs (though I haven't looked at
them for quite a while). If it's not there, it should be added. Of
course, a clean solution that only affects individual webapps would be
better. Does it help using PureTLS?

Best regards

  Andreas Junghans
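The truststore procedure from the reply above (start from a store with no unwanted CA certs, add only the CAs you accept client certs from, then check that a client cert chains to one of them), written out as an added example that is not part of the mail and not Tomcat's or JSSE's own code. It uses the java.security.KeyStore API instead of keytool, and assumes a JDK with X500Principal support (1.4 or later, so not the 1.3.1 in the original question); the file names, the alias scheme "ca0", "ca1", ... and the TrustStoreBuilder class name are all made up for the example. The resulting JKS file can either be copied over JAVA_HOME/jre/lib/security/cacerts, as the reply does, or be pointed at with -Djavax.net.ssl.trustStore=<file> so the JVM's global cacerts is left alone.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * Build a truststore that contains ONLY the CA certificates we accept
 * client certificates from, and check a client cert against it.
 *
 * Usage: java TrustStoreBuilder <out.jks> <storepass> <ca1.pem> [ca2.pem ...]
 *        java TrustStoreBuilder --check <out.jks> <storepass> <client.pem>
 *
 * Example code; file names, aliases and the class itself are assumptions.
 */
public class TrustStoreBuilder {

    /** Create an empty JKS store and import the given CA certs into it. */
    public static KeyStore build(String[] caFiles) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        ts.load(null, null);   // empty store: the "delete all unwanted CAs" step
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < caFiles.length; i++) {
            InputStream in = new FileInputStream(caFiles[i]);
            try {
                X509Certificate ca = (X509Certificate) cf.generateCertificate(in);
                // Refuse to trust anything that is not marked as a CA
                // (basicConstraints absent or cA=false gives -1 here).
                if (ca.getBasicConstraints() < 0) {
                    throw new IllegalArgumentException(caFiles[i] + " is not a CA certificate");
                }
                ca.checkValidity();                 // expired/not-yet-valid CA is useless
                ts.setCertificateEntry("ca" + i, ca); // alias scheme is an assumption
            } finally {
                in.close();
            }
        }
        return ts;
    }

    /**
     * True if the client certificate was issued directly by one of the CAs in
     * the store and its signature verifies with that CA's public key. This is
     * a one-level check; intermediate CAs would need a CertPathValidator.
     */
    public static boolean issuedByTrustedCa(KeyStore ts, X509Certificate client) throws Exception {
        for (Enumeration e = ts.aliases(); e.hasMoreElements();) {
            Certificate c = ts.getCertificate((String) e.nextElement());
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate ca = (X509Certificate) c;
            if (ca.getSubjectX500Principal().equals(client.getIssuerX500Principal())) {
                try {
                    client.verify(ca.getPublicKey());
                    return true;
                } catch (Exception notSigned) {
                    // Same name but the signature does not match; keep looking.
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length >= 4 && "--check".equals(args[0])) {
            KeyStore ts = KeyStore.getInstance("JKS");
            InputStream in = new FileInputStream(args[1]);
            try { ts.load(in, args[2].toCharArray()); } finally { in.close(); }
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream cin = new FileInputStream(args[3]);
            X509Certificate client;
            try { client = (X509Certificate) cf.generateCertificate(cin); } finally { cin.close(); }
            System.out.println(args[3] + " trusted: " + issuedByTrustedCa(ts, client));
            return;
        }
        if (args.length < 3) {
            System.err.println("usage: TrustStoreBuilder <out.jks> <storepass> <ca.pem>...");
            System.exit(2);
        }
        String[] caFiles = new String[args.length - 2];
        System.arraycopy(args, 2, caFiles, 0, caFiles.length);
        KeyStore ts = build(caFiles);
        FileOutputStream out = new FileOutputStream(args[0]);
        try { ts.store(out, args[1].toCharArray()); } finally { out.close(); }
        System.out.println("wrote " + args[0] + " with " + ts.size() + " CA cert(s)");
    }
}
```

Building a fresh store rather than editing cacerts in place is what keeps the example from touching every other JSSE program on the machine; pointing Tomcat's JVM at it with the javax.net.ssl.trustStore property is the per-JVM variant of the reply's approach, still not per-webapp.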


