Hi,
I want to configure Tomcat/4.1.27 in order to use client
certificate authentication. I first set up the SSL connector following
the How-To.
So now my site runs under SSL without any problem.
Next, I build the client certificate with keytool, and store it into a
file (trust.keystore). In my web.xml I change my BASIC into
CLIENT-CERT:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client certificate auth.</realm-name>
</login-config>
and in my server.xml:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true"
>
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
      clientAuth="false" protocol="TLS"
      truststoreFile="c:\keystores\trust.keystore"
  />
</Connector>
When I connect to my protected JSP, I always get an error on Tomcat:
13-jul-2005 11:19:25 org.apache.tomcat.util.net.jsse.JSSE14Support synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLHandshakeException: null cert chain
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at java.io.InputStream.read(InputStream.java:88)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:158)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:786)
    at org.apache.coyote.Request.action(Request.java:367)
    at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:799)
    at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:141)
    at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:154)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2416)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
    at java.lang.Thread.run(Thread.java:536)
I don't know if my configuration is OK. Where can the problem be?
Does anyone have an idea?
Thanks a lot
Pascal.