Hi, I am still trying to figure out what is going wrong with my client-side authentication. I've started using the OpenSSL command line tool to debug, rather than a web browser. From the command line I am running:
OpenSSL> s_client -connect localbox:8443 -cert client.pem -CAfile ca.pem -state

Which opens an SSL connection to my Tomcat connector port, with the provided client-side cert and the cert for my CA. I am getting the following output:

Loading 'screen' into random state - done
CONNECTED(000002CC)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/ST=Ma/L=Camb/O=MyCompany/OU=MyGroup/CN=ENDECA-CA/[EMAIL PROTECTED]
verify return:1
depth=0 /C=US/ST=Ma/O=MyCompany/OU=MyGroup/CN=localbox
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A
write:errno=10054

But I can't figure out how to find a log of what is happening on the other side. I am using Tomcat 4.0.1 on a RedHat 7.3 system, but I don't know where to look to find the JSSE output. I have looked at the tomcat log files, and the catalina_log shows "The incoming request has been awaited" and "The incoming request has been assigned", but there is nothing in my access log or anything at all related to SSL or JSSE.

If you have any suggestions on how to debug this problem, please let me know.

Thanks,
Mike
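An added example, not part of the original message: a small Python parser for the s_client -state trace quoted above, reporting which handshake messages were exchanged and where the connection stopped. The function name, regexes and result fields are assumptions made for this illustration; the trace lines are copied from the post.

```python
import re

# Trace lines copied from the post (certificate-verification lines omitted).
TRACE = """\
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A
write:errno=10054
"""

# Matches "<proto> read|write <handshake message> <sub-state letter>" lines.
STATE = re.compile(r"^SSL_connect:(error in )?(?:SSLv\S+ )?(read|write) (.+?) [A-Z]$")
ERRNO = re.compile(r"^(?:read|write):errno=(\d+)$")

def summarize(trace):
    """Return which handshake messages completed and where the trace failed."""
    done, failed_at, errno = [], None, None
    for line in map(str.strip, trace.splitlines()):
        if m := STATE.match(line):
            is_err, direction, msg = m.groups()
            if is_err:
                failed_at = failed_at or (direction, msg)  # keep first failure
            else:
                done.append((direction, msg))
        elif e := ERRNO.match(line):
            errno = int(e.group(1))
    return {
        "cert_requested": ("read", "server certificate request") in done,
        "client_cert_sent": ("write", "client certificate") in done,
        "cert_verify_sent": ("write", "certificate verify") in done,
        "last_ok": done[-1] if done else None,
        "failed_at": failed_at,
        "errno": errno,
    }

if __name__ == "__main__":
    for key, value in summarize(TRACE).items():
        print(f"{key}: {value}")
```

For this trace the summary shows that the server requested a certificate, the client wrote its Certificate, CertificateVerify and Finished messages, and the connection was reset (errno 10054 is WSAECONNRESET on Windows) while the client was waiting to read the server's Finished.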
