I have gotten clientAuth=true working with Tomcat 5.
It is important to get the trusted certificates properly defined. I did this,

export CATALINA_OPTS="-Djavax.net.ssl.trustStore=/home/bob/issues/ssl/cacerts.jks -Djavax.net.ssl.trustStorePassword=changeit"

And sometimes defined this to get extra info.

# -Djavax.net.debug=ssl,handshake,data,trustmanager"

Cheers,
-bob

On Mon, 2002-10-14 at 20:13, Steven Bradley wrote:
> I'm using Tomcat 4.0 standalone on Windows 2000 and am having trouble
> getting SSL client authentication working (getting SSL server auth working
> was a snap). Here's what I've done so far:
>
> * created a self-signed client cert using OpenSSL (key usage includes
>   digital signature)
> * imported client cert (and private key) into Internet Explorer (by way of
>   a PKCS#12 file)
> * imported the Tomcat JKS file with the client certificate
> * configure tomcat server.xml file as follows:
>
> <Connector className="org.apache.catalina.connector.http.HttpConnector"
>            port="443"
>            minProcessors="5"
>            maxProcessors="75"
>            enableLookups="true"
>            acceptCount="10"
>            debug="0"
>            scheme="https"
>            secure="true">
>   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>            clientAuth="true"
>            keystoreFile="conf/server.keystore"
>            keystorePass="password"
>            protocol="TLS"/>
> </Connector>
>
> * stop/start tomcat
> * point IE browser to https://localhost/index.html
>
> What IE tells me is that the page can't be displayed (after some
> handshaking attempts). Unfortunately, there is no log info generated (even
> if I increase the debug param in the <Connector> element).
>
> Any clues as to what I may be doing wrong? Has ANYONE been able to get SSL
> client authentication working with Tomcat 4.0 standalone (Catalina)?
>
> Thanks in advance
> -- Steven