Dear All,

I've been able to set up Tomcat 5.0.30 successfully on port 8443. I want to use client authentication, hence I've enabled clientAuth=true in server.xml.

Running on Mac OS X, these were the commands to create a CA and sign a certificate using this CA.

Creating a new CA:

1) perl CA.pl -newca

Certificate request using openssl:

1) perl CA.pl -newreq
2) perl CA.pl -sign
3) mv newreq.pem client_req.pem
4) mv newcert.pem client_cert.pem
5) openssl rsa < client_req.pem > client_key.pem
6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out client.p12

For Tomcat, using Java keytool to request a certificate:

1) openssl x509 -in server_cert.pem -out server.x509
2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -out server.p12
3) keytool -genkey -alias meAsClient -storepass changeit
4) keytool -certreq -alias measclient -file client.csr -storepass changeit
5) openssl x509 -req -CA demoCA/cacert.pem -CAkey demoCA/private/cakey.pem -extensions v3_ca -in client.csr -inform DER -out client_cert.x509 -CAcreateserial
6) keytool -import -alias butterflyCA -keystore /Syst.. ..urity/cacerts -file ../CA/demoCA/cacert.pem
7) keytool -import -alias measclient -keystore clientstore -trustcacerts -file client_cert.x509

Following these commands I don't get any errors. I then import cacert.pem (the root CA certificate), client.p12 and client_cert.x509 into the browser, IE 6.0. But there is still a popup requesting the client's identity; it asks me to select a certificate, and no certificates are displayed.

How can I go about this? All suggestions and ideas are welcome.

Regards & Thanks

Mahesh S Kudva
Robosoft Technologies - Partners in Product Development
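
Added example, not part of the original post: a shell check of two properties the files produced by the steps above must have, namely that the client certificate chains to the CA and that the private key bundled with it is the one the certificate was issued for. The CA, subject names and file names inside make_sample are constructed for the example, and it assumes an openssl binary on the PATH.

```shell
#!/bin/sh
# Added example; the CA, subject names and file names below are constructed.

# Build a throwaway CA, a client certificate signed by it, and an unrelated key.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    {
        openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
            -keyout "$d/ca.key" -out "$d/ca.pem" -days 1 &&
        openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
            -subj "/CN=constructed-client" \
            -keyout "$d/client.key" -out "$d/client.csr" &&
        openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" \
            -CAkey "$d/ca.key" -CAcreateserial -out "$d/client.pem" -days 1 &&
        openssl genrsa -out "$d/other.key" 2048
    } >/dev/null 2>&1 || return 1
    echo "$d"   # the only stdout output: path of the sample directory
}

# usage: check_client_cert CA_PEM CERT_PEM KEY_PEM
# Returns 0 only if CERT chains to CA and KEY is the certificate's private key.
check_client_cert() {
    rc=0
    # 1. The certificate must verify against the CA the server trusts.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: $2 does not verify against $1"; rc=1; }
    # 2. The public key in the certificate must equal the one derived from the key file.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || key_pub=""
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $3 is not the private key for $2"; rc=1; }
    return $rc
}

# Demo on the constructed files.
d=$(make_sample) && check_client_cert "$d/ca.pem" "$d/client.pem" "$d/client.key" &&
    echo "OK: client.pem chains to the CA and matches client.key"
```

To apply the same checks to the files from the steps above, call check_client_cert with demoCA/cacert.pem, client_cert.pem and client_key.pem.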