Steven Bradley wrote:

> I'm using Tomcat 4.0 standalone on Windows 2000 and am having trouble
> getting SSL client authentication working (getting SSL server auth
> working was a snap). Here's what I've done so far:
>
> * created a self-signed client cert using openSSL (key usage includes
>   digital signature)
> * imported client cert (and private key) into Internet Explorer (by way
>   of a PKCS#12 file)
> * imported the Tomcat JKS file with the client certificate

CA file?

> * configure tomcat server.xml file as follows:
>
> <Connector className="org.apache.catalina.connector.http.HttpConnector"
>            port="443"
>            minProcessors="5"
>            maxProcessors="75"
>            enableLookups="true"
>            acceptCount="10"
>            debug="0"
>            scheme="https"
>            secure="true">
>   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>            clientAuth="true"
>            keystoreFile="conf/server.keystore"
>            keystorePass ="password"
>            protocol="TLS"/>
> </Connector>
>
> * stop/start tomcat
> * point IE browser to https://localhost/index.html
>
> What IE tells me is that the page can't be displayed (after some
> handshaking attempts). Unfortunately, there is no log info generated
> (even if I increase the debug param in the <Connector> element).

Try with Mozilla or with openssl (something like: openssl s_client -port 8443 -host localhost).
Does it work when clientAuth="false"?

> Any clues as to what I may be doing wrong? Has ANYONE been able to get
> SSL client authentication working with Tomcat 4.0 standalone (Catalina).

Sure I tested it... It worked ok.
Make sure the CA that has signed your certificates is in the CA file ($JAVA_HOME/jre/lib/security/cacerts or something).

> Thanks in advance
> -- Steven
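Added example, not part of the original thread: the trust check behind the reply's advice, reproduced with openssl on constructed throwaway certificates. A self-signed client certificate is its own issuer, so a server with clientAuth="true" accepts it only if that certificate itself is in the server's CA file; the function names and subject names below are illustrative assumptions.

```shell
#!/bin/sh
# Constructed certificates only; nothing here comes from the poster's setup.
WORK=$(mktemp -d)

# make_selfsigned NAME CN: write NAME.key and NAME.crt under $WORK.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# trusted_by CERT CAFILE: succeeds only if CERT chains to a cert in CAFILE.
# The output is matched instead of the exit status because very old
# openssl builds exit 0 even when verification fails.
trusted_by() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

make_selfsigned client  "constructed-client"
make_selfsigned otherca "constructed-unrelated-ca"

# Case 1: the server's CA file does not contain the client's issuer.
# This is the state in which the handshake fails.
if trusted_by "$WORK/client.crt" "$WORK/otherca.crt"; then
    echo "unexpected: client cert trusted without its issuer"
else
    echo "rejected: issuer of client cert is not in the CA file"
fi

# Case 2: the self-signed client cert is added to the CA file.
cat "$WORK/otherca.crt" "$WORK/client.crt" > "$WORK/trust.pem"
if trusted_by "$WORK/client.crt" "$WORK/trust.pem"; then
    echo "accepted: client cert chains to an entry in the CA file"
fi

# For the JVM CA file named in the reply, the usual JDK import is:
#   keytool -import -trustcacerts -alias <alias> -file client.crt \
#           -keystore "$JAVA_HOME/jre/lib/security/cacerts"
# (<alias> is a placeholder; restart Tomcat afterwards.)
```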