Hi all,

I have a question regarding client authentication over SSL with the Tomcat servers.

Firstly, I cannot seem to get Tomcat 3.2 (final) to work with any SSL3 clients with client auth turned on... This includes Netscape>4, IE>4, and the openssl client (all Win32, except openssl client on linux). The SSL negotiation simply fails (fairly early on when watching it with openssl debug on) and the server reports the following error:

Ctx( ): 400 R( /) null IOException in: R ( /) Socket closed

From the perspective of IE4, you just see an empty list of client certs to choose from.

I have created my own root and ca certs, inserted them into the 'cacerts' keystore for my jvm (sun jdk1.3 on Win32), and the web clients. I have also imported a leaf client cert for this chain into the clients, and leaf server cert for this chain into the server keystore (alias tomcat).

With Tomcat 4 milestone 4 the whole process works very well for Netscape 4 and Mozilla/Netscape 6 running the PSM (with successful retrieval of all client SSL attributes with JSP). Tomcat 4 also works fine for client side auth with the openssl client. However it still does not work with the IE browsers (they simply report that pointless no-help IE error page (yep friendly msgs are turned off)).

I realise that all SSL3 client auth communications depend heavily on several factors -> client and server vendors, tools used to create the certs, software versions, format and components of the certs, phase of the moon, wind speed etc.

So my question is this... is anybody successfully using Tomcat 3.2 or 4.0 for SSL3 w/ client authentication that works for both IE and Netscape browsers?? If so I will just keep tweaking my certificates to see if they are at fault.

Many thanks,
Dave Elliot
