Yes, I did it. It worked fine.

* First, set clientAuth="false", then try.

If it doesn't work, you might be going wrong when generating the certificate stuff. Here are the steps:

    keytool -genkey -keystore client.keystore -alias client1
    keytool -keystore client.keystore -certreq -file client.csr -alias client1
    openssl ca -config /openssl.cnf -in client.csr -out client.pem -keyfile ca.key
    openssl x509 -in client.pem -out client.der -outform DER
    keytool -keystore -import -file ca.cert -alias root
    keytool -keystore -import -file client.der -alias client1

If you strictly follow these steps, you will be able to get it done. Please try and let me know the feedback to [EMAIL PROTECTED]

Cheers

-----Original Message-----
From: jean-frederic clere [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 3:53 PM
To: Tomcat Developers List
Subject: Re: SSL client auth in Tomcat 4.0

Steven Bradley wrote:
> I'm using Tomcat 4.0 standalone on Windows 2000 and am having trouble
> getting SSL client authentication working (getting SSL server auth
> working was a snap). Here's what I've done so far:
>
> * created a self-signed client cert using openSSL (key usage includes
>   digital signature)
> * imported client cert (and private key) into Internet Explorer (by way
>   of a PKCS#12 file)
> * imported the Tomcat JKS file with the client certificate CA file?
> * configure tomcat server.xml file as follows:
>
> <Connector className="org.apache.catalina.connector.http.HttpConnector"
>            port="443"
>            minProcessors="5"
>            maxProcessors="75"
>            enableLookups="true"
>            acceptCount="10"
>            debug="0"
>            scheme="https"
>            secure="true">
>   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>            clientAuth="true"
>            keystoreFile="conf/server.keystore"
>            keystorePass ="password"
>            protocol="TLS"/>
> </Connector>
>
> * stop/start tomcat
> * point IE browser to https://localhost/index.html
>
> What IE tells me is that the page can't be displayed (after some
> handshaking attempts). Unfortunately, there is no log info generated
> (even if I increase the debug param in the <Connector> element).

Try with Mozilla or with openssl (something like: openssl s_client -port 8443 -host localhost).
Does it work when clientAuth="false"?

>
> Any clues as to what I may be doing wrong? Has ANYONE been able to get
> SSL client authentication working with Tomcat 4.0 standalone (Catalina).

Sure I tested it... It worked ok.
Make sure the CA that has signed your certificates is in the CA file ($JAVA_HOME/jre/lib/security/cacerts or something).

>
> Thanks in advance
> -- Steven
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
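
Added example, not part of the thread: a shell check for the advice above that the CA which signed the client certificate must be in the server's CA file, since a client certificate whose issuer is missing there fails the handshake. It signs with `openssl x509 -req` in place of the `openssl ca` step quoted above, and all file names and subject names are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names and subjects (Demo CA, client1, stranger) are constructed.

# chain_ok CAFILE CERT
# Succeeds only if CERT chains to a CA in CAFILE and is usable as a TLS client cert.
chain_ok() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_pki DIR
# Builds a throwaway CA, a client cert signed by it, and an unrelated self-signed cert.
make_demo_pki() {
    d=$1
    # Self-signed demo CA: this is the certificate the server's CA file must contain.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Client key and certificate request (the keytool -genkey / -certreq steps).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client1" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    # CA signs the request (stand-in for the "openssl ca" step).
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null || return 1
    # Self-signed cert from a different issuer, never added to the CA file.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=stranger" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null || return 1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || return 1
    chain_ok "$d/ca.pem" "$d/client.pem" \
        && echo "client.pem: issuer is in the CA file, client auth can succeed"
    chain_ok "$d/ca.pem" "$d/other.pem" \
        || echo "other.pem: issuer is not in the CA file, handshake would be rejected"
    chain_ok "$d/other.pem" "$d/client.pem" \
        || echo "client.pem against the wrong CA file: rejected"
    rm -rf "$d"
}

demo
```

Running the same `openssl verify` against the real CA certificate and client certificate, before importing them into the keystores, separates certificate-generation mistakes from Tomcat configuration mistakes.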