You need to pass the truststore into Tomcat as a JVM option. Look in the archives of the list for SSL. I posted all of my steps a month or so ago.
Chris

-----Original Message-----
From: Ryan LeCompte [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 2:07 PM
To: [EMAIL PROTECTED]
Subject: SSL mutual authentication problem with Tomcat5

Hello,

I'm trying to have a standalone Java client communicate via SSL with a remote Tomcat5 server. I'm setting the two system properties for specifying the SSL trust store path and trust store password. The client is able to successfully communicate via SSL when Tomcat is configured to not require client-side authentication (for example, in Tomcat the configuration attribute 'clientAuth="false"' would be used). However, when I turn on this attribute and require client-side authentication, the client fails to communicate successfully with the Tomcat5 server. The following exception is generated:

java.rmi.RemoteException: HTTP transport error: java.net.SocketException: Software caused connection abort: recv failed; nested exception is:
    HTTP transport error: java.net.SocketException: Software caused connection abort: recv failed
    at .....

Is there anything else that must occur on the client side when the remote web server requires a client-side certification authentication? I'm still new to SSL, so perhaps I have the basic concept confused. Do I have to import another certification in the client-side keystore for this to work? I looked in the SSL HOW-TO but didn't find an answer to my question. I also tried importing all of the certificates in the client keystore into the "cacerts" file in JAVA_HOME/jre/lib/security/cacerts.

Here is the connector configuration for SSL in server.xml:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="C:\ssl\sslWSCerts.keystore"
               keystorePass="changeit"/>

Thank you for any help that you may be able to provide.

-- Ryan
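
As an added illustration that is not part of either message: with clientAuth="true" the client has to present a certificate backed by a private key, and the trust store handed to Tomcat's JVM (the standard javax.net.ssl.trustStore property) has to contain that certificate or its issuer. The Java check below loads both stores and reports on each client entry; the class name MutualTlsCheck and its four arguments (client keystore, its password, server trust store, its password) are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example: java MutualTlsCheck <client-keystore> <pass> <server-truststore> <pass>
public class MutualTlsCheck {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // True if the trust store holds a certificate from the client's chain, or the
    // CA certificate that signed the top of that chain. Expiry is not checked.
    static boolean trustedBy(KeyStore trust, Certificate[] chain) throws Exception {
        for (Certificate c : chain) {
            if (trust.getCertificateAlias(c) != null) return true;
        }
        Certificate top = chain[chain.length - 1];
        for (String alias : Collections.list(trust.aliases())) {
            Certificate ca = trust.getCertificate(alias);
            if (ca == null) continue;
            try {
                top.verify(ca.getPublicKey());
                return true;
            } catch (GeneralSecurityException e) {
                // not signed by this entry; try the next one
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyStore client = load(args[0], args[1].toCharArray());
        KeyStore trust = load(args[2], args[3].toCharArray());
        for (String alias : Collections.list(client.aliases())) {
            Certificate[] chain = client.getCertificateChain(alias);
            if (!client.isKeyEntry(alias) || chain == null || chain.length == 0) {
                System.out.println(alias + ": no private key, cannot authenticate the client");
            } else {
                System.out.println(alias + ": private key present, trusted by server store = " + trustedBy(trust, chain));
            }
        }
    }
}
```

On the client, the keystore that passes this check is the one named by the standard javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties, which are separate from the trust store properties used to verify the server.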