I have followed the instructions in server.xml for configuring SSL with Tomcat.
When I try to access the SSL connection at http://ip.add.re.ss:8443, the server
thinks about it, then my browser (IE5) displays an empty certificates box for
me to select the certificate I want to use. The certificate I want to use is
the one created by following the tomcat-ssl-howto. I specified a keystore
directory when using the keytool command.
Perusing the Tomcat archives revealed nothing useful, but the OpenSSL FAQ
produced this interesting little tidbit:
"What will typically happen is that when a server requests authentication it
will either not include your certificate or tell you that you have no client
certificates (Netscape) or present you with an empty list box (MSIE). The
reason for this is that when a server requests a client certificate it
includes a list of CAs names which it will accept. Browsers will only let you
select certificates from the list on the grounds that there is little point
presenting a certificate which the server will reject.
The solution is to add the relevant CA certificate to your server's "trusted CA
list". How you do this depends on the server software in use."
Does this mean Tomcat needs to be configured to present the certificate? If
so, how and where?
Thanks in advance.
Dion Vansevenant
Internetwork Administrator
MRO.com
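
Added example, not part of the original message: a small Python model of the filtering described in the quoted OpenSSL FAQ passage, where a browser offers only those client certificates that chain to a CA name the server listed in its certificate request. The Cert class, the function names and all distinguished names are constructed for illustration, and DN comparison is simplified to string matching.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str  # distinguished name of the certificate holder
    issuer: str   # distinguished name of the CA that signed it

def normalize(dn: str) -> str:
    # Simplification: real clients compare DER-encoded names, not strings.
    return ",".join(part.strip().lower() for part in dn.split(","))

def chains_to_accepted_ca(cert, store, accepted):
    """Follow issuer links upward; True if any issuer is an accepted CA name."""
    seen = set()
    while cert is not None:
        issuer = normalize(cert.issuer)
        if issuer in accepted:
            return True
        if issuer in seen or issuer == normalize(cert.subject):
            return False  # loop, or a self-signed cert the server did not list
        seen.add(issuer)
        cert = store.get(issuer)  # None when the issuer cert is not available
    return False

def selectable(client_certs, intermediates, accepted_ca_names):
    """Return the certificates a browser would offer in its selection box."""
    accepted = {normalize(n) for n in accepted_ca_names}
    if not accepted:
        # An empty CA list places no restriction on the issuer (RFC 5246, 7.4.4).
        return list(client_certs)
    store = {normalize(c.subject): c for c in intermediates}
    return [c for c in client_certs if chains_to_accepted_ca(c, store, accepted)]

if __name__ == "__main__":
    # Constructed sample data.
    issuing = Cert("CN=Example Issuing CA, O=Example", "CN=Example Root CA, O=Example")
    alice = Cert("CN=alice", "CN=Example Issuing CA, O=Example")
    self_signed = Cert("CN=self-made", "CN=self-made")
    mine = [alice, self_signed]
    for ca_list in (["CN=Example Root CA,O=Example"], ["CN=Some Other CA"],
                    ["CN=self-made"]):
        offered = [c.subject for c in selectable(mine, [issuing], ca_list)]
        print(ca_list, "->", offered or "empty list box")
```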