Could be lots of things. Without more detail it is difficult to tell but,
assuming you have a client cert and are trying to authenticate to tomcat...

1. Can you connect to https://yourhost:8443/ and see the tomcat index page?
2. The cert of the authority that issued tomcat's certificate must be in cacerts
3. The cert of the authority that issued client's certificate must be in cacerts
4. Tomcat's cert needs to be a separate file specified in server.xml (see next)
5. SSL connector in server.xml needs to look something like this:
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="conf/.keystore"
               clientAuth="false" protocol="TLS" />
    </Connector>
6. Does your client browser prompt for a client certificate?
7. How have you got your realm configured? Something like
      <Realm className="org.apache.catalina.realm.MemoryRealm" />
in server.xml and
  <user username="CN=Mark Thomas, OU=My Dept, O=My Company, L=London, C=GB"
password="null" roles="tomcat,admin,manager,certs"/>
in tomcat-user.xml works for me. Note that certificate authentication doesn't
work with JNDI and JDBC realms (search bugzilla for details). There are also
some issues with using a user database. Basically, CLIENT-CERT isn't widely used
and there are still some wrinkles to iron out.

Hope this helps.

Mark



> -----Original Message-----
> From: Craig, William S. [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 26, 2004 10:02 PM
> To: 'Tomcat Users List'
> Subject: SSL Certificate Errors
> 
> Hi,
> 
> I'm experiencing the following errors while running Tomcat 4.1.27 on Win2K.
> I have a U.S. Government certificate in X.509 format "trusted" on Tomcat.
> I'm trying to communicate on SSL, but it appears that my certificate isn't
> trusted.  I followed the instructions - any ideas on why my certificate
> isn't being trusted (if that's my problem)?
> 
> Thanks!!!!!!
> 
> cacerts file:
> pa-ng-app, Jun 16, 2004 trustedCertEntry,
> Certificate fingerprint (MD5): DD:3D:8F.....etc....
> 
> Errors:
> Exception Message: java.security.cert.CertificateException: Could not find trusted certificate
>  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Could not find trusted certificate
>     at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(DashoA6275)
>     at com.plumtree.content.client.http.diagnostic.DiagnosticTestsUtil.connectAndCheckResponseCode(DiagnosticTestsUtil.java:127)
>     at com.plumtree.content.client.http.diagnostic.DiagnosticTests.testConnectionWithPortal(DiagnosticTests.java:644)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at com.plumtree.content.client.http.diagnostic.DiagnosticTests.executeTestMethod(DiagnosticTests.java:202)
>     at com.plumtree.content.client.http.diagnostic.DiagnosticTests.executeDiagnosticTests(DiagnosticTests.java:178)
>     at com.plumtree.content.client.http.diagnostic.DiagnosticTests.getDiagnosticTestResults(DiagnosticTests.java:150)
>     at org.apache.jsp.index_0002dinclude_0002ddiagnostics_jsp._jspService(index_0002dinclude_0002ddiagnostics_jsp.java:53)
>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
> ...........etc........etc.....
> 
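
Added example, not part of the message above or of Tomcat: for points 2 and 3 of the checklist, this Python code checks whether a given CA certificate is one of the entries in a `keytool -list` listing of cacerts (the format quoted above) by recomputing its fingerprint. The certificate bytes and the listing are constructed samples; a match shows that exact certificate is in the store, not that a whole chain validates.

```python
import hashlib
import re
import ssl

# keytool labels the digest "MD5", "SHA1" or "SHA-256"; map to hashlib names.
ALGS = {"MD5": "md5", "SHA1": "sha1", "SHA-256": "sha256"}
ENTRY = re.compile(r"^(?P<alias>[^,]+),.*?(?P<kind>\w+Entry),?\s*$")
PRINT = re.compile(r"fingerprint \((?P<alg>[^)]+)\):\s*(?P<hex>[0-9A-Fa-f:]+)")


def fingerprint(der, alg="MD5"):
    """Digest of the DER bytes in keytool's colon-separated upper-case form."""
    digest = hashlib.new(ALGS[alg], der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_listing(text):
    """Return [(alias, entry_type, alg, fingerprint)] from `keytool -list` output."""
    entries, alias, kind = [], None, None
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if entry:
            alias, kind = entry["alias"].strip(), entry["kind"]
            continue
        found = PRINT.search(line)
        if found and alias:
            entries.append((alias, kind, found["alg"], found["hex"].upper()))
            alias = kind = None
    return entries


def find_in_listing(pem, listing):
    """Return [(alias, entry_type)] of entries whose fingerprint matches the cert."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return [(alias, kind) for alias, kind, alg, value in parse_listing(listing)
            if alg in ALGS and fingerprint(der, alg) == value]


# Constructed sample: placeholder bytes stand in for a CA certificate's DER form.
SAMPLE_DER = b"constructed stand-in for a DER-encoded CA certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_LISTING = (
    "other-ca, Jun 16, 2004, trustedCertEntry,\n"
    f"Certificate fingerprint (MD5): {fingerprint(b'some other certificate')}\n"
    "pa-ng-app, Jun 16, 2004 trustedCertEntry,\n"
    f"Certificate fingerprint (MD5): {fingerprint(SAMPLE_DER)}\n"
)

if __name__ == "__main__":
    print(find_in_listing(SAMPLE_PEM, SAMPLE_LISTING) or "not in listing")
```

An empty result for the issuing CA's certificate means it still has to be imported into the cacerts file that the failing JVM actually reads.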


