Hi Bill,

For a test, I created a new keystore file using the keytool from Java:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
the password is: "kleber"

My server.xml file is like this:
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
        redirectPort="443" bufferSize="2048"
        serverSocketTimeout="0" connectionUploadTimeout="300000" port="443"
        connectionTimeout="60000"
        scheme="https" enableLookups="true" secure="true"
        protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
        debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true"
        proxyPort="0"
        maxProcessors="75" minProcessors="5" tcpNoDelay="true"
        acceptCount="100"
        useURIValidationHack="false" compression="off"
        connectionLinger="-1">
        <Factory
            className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
            rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
            keystorePass="kleber" clientAuth="false"
            randomFile="C:\WINDOWS\random.pem"
            keystoreFile="c:\Tomcat\keystore\.keystore" protocol="TLS"/>
    </Connector>

As I said before, the page with https:// loads normally in the browser;
however, this error appears in the DOS window:

[WARN] Http11Processor - -Exception getting SSL attributes <javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
        at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:113)
        at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:161)
        at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
        at org.apache.coyote.Response.action(Response.java:222)
        at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:321)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
        at java.lang.Thread.run(Thread.java:484)

I'm also attaching my keystore file.

I'm thankful for your attention...
Kleber

----- Original Message ----- 
From: "Bill Barker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 18, 2003 12:03 AM
Subject: Re: peer not authenticated


> That message is supposed to be only logged at 'debug' level.  Could you post
> more of the stack trace, so I can see how to plug this message under normal
> use?
>
> The error itself is harmless (it's just telling you that the user didn't
> send a client cert, which is normal).
>
> "Kleber" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> Hi,
>
> My name is Kleber, I am Brazilian and I have a problem with Tomcat
> certificates (if someone could help me, I would be grateful).
> I was trying to place Tomcat certificate 4.1.27, however I've just had a
> certificate, because nowadays I'm using Orion server.
> I have one file called keystore and another '.cer'.
>
> I had created an HTTP connection using port 443 and I have used the path from
> the keystore file. Till this point, everything was working well, the Tomcat
> was starting normally. When I open a website that uses a 'secure encryption',
> it is loaded normally, however, an error message appears on DOS:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>
> I had created a keystore file from the beginning, even so the same error
> message has appeared. I also have tried to import, without success, the content
> from my .cer file to an empty keystore file.
>
> Where was I messing up?
>
> Since now I'm thankful for your help and I'm waiting for an answer.
> []'s
> Kleber
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]