Thanks for your help Mark. When I imported the client cert, I picked the 'Automatically select the certificate store ...' option and the certificate appeared under the Trusted Root.
I tried to place the certificate under Personal and Other People but the certificate did not appear after the import.

-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 13, 2005 2:56 PM
To: Tomcat Users List
Subject: Re: SSL mutual communication problem with Tomcat5 --- Remote host closed connection during handshake

Xia, Hong wrote:
> Hello,
>
> I am trying to set up Tomcat5 (as standalone web server) with https mutual
> authentication.
> There is the connector config
> <Connector port="443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="true" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            keystoreFile="F:\Apache Software Foundation\keystores\serverstore.jks"
>            keystorePass="changeit"
>            clientAuth="true" sslProtocol="TLS"/>
>
> The keys and keystore were created using Keytool
>
> Client certificate client.cer was sent to the client machine which uses IE6
> to connect to the tomcat server. IE6 imported the client certificate into IE6
> under the Trusted Root Certification Authorities.
>
> When the client IE6 connects to the tomcat web server, the Client
> Authentication Window appeared without the client certificate.
> Tomcat log gives the following error:
>
> *** CertificateRequest
> Cert Types: RSA, DSS,
> Cert Authorities:
> <CN=ppwchongdev.plugpower.com, OU=IS, O=Plug Power, L=Latham, ST=New York, C=US>
> <CN=Client, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa-ken, C=JP>
> *** ServerHelloDone
> http-443-Processor25, WRITE: SSLv3 Handshake, length = 938
> http-443-Processor25, received EOFException: error
> http-443-Processor25, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> http-443-Processor25, SEND SSLv3 ALERT: fatal, description = handshake_failure
> http-443-Processor25, WRITE: SSLv3 Alert, length = 2
> http-443-Processor25, called closeSocket()
> http-443-Processor25, called close()
> http-443-Processor25, called closeInternal(true)
>
>
> Does anyone know why this error happens? I am suspecting that IE6 has a
> problem with the imported client.cer file but I am not able to pinpoint it.
>
> Your help will be very much appreciated.
>
> Hong

You need to import the client cert as a user cert, not as a trusted root certificate.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
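
An added example, not part of the original thread: a short Python triage of the JSSE debug output quoted above. It extracts the issuer DNs the server advertised in its CertificateRequest and checks whether the client hung up after ServerHelloDone without sending a certificate, which points at the client's certificate store rather than the Tomcat connector. The function names, the sample text (the thread's log with e-mail wrapping undone) and the `*** Certificate chain` marker used to spot a client certificate are assumptions of this example.

```python
import re

# Constructed sample: the debug lines quoted in the thread, wrapping undone.
SAMPLE_LOG = """\
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ppwchongdev.plugpower.com, OU=IS, O=Plug Power, L=Latham, ST=New York, C=US>
<CN=Client, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa-ken, C=JP>
*** ServerHelloDone
http-443-Processor25, WRITE: SSLv3 Handshake, length = 938
http-443-Processor25, received EOFException: error
http-443-Processor25, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-443-Processor25, SEND SSLv3 ALERT: fatal, description = handshake_failure
"""

def normalise_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so DNs compare equal."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip("<>")).lower()

def triage(log_text):
    """Summarise the server's view of a client-auth handshake from JSSE debug text."""
    summary = {"cert_requested": False, "accepted_issuers": [],
               "client_sent_cert": False, "client_hung_up": False}
    in_ca_list = hello_done = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("***"):
            in_ca_list = False
            if "CertificateRequest" in line:
                summary["cert_requested"] = True
            elif "ServerHelloDone" in line:
                hello_done = True
            elif hello_done and "Certificate chain" in line:
                # Assumption: a chain logged after ServerHelloDone is the client's.
                summary["client_sent_cert"] = True
        elif line.startswith("Cert Authorities:"):
            in_ca_list = True
        elif in_ca_list and line.startswith("<") and line.endswith(">"):
            summary["accepted_issuers"].append(line[1:-1])
        elif hello_done and "EOFException" in line:
            summary["client_hung_up"] = True
    return summary

def issuer_accepted(issuer_dn, summary):
    """True if a client certificate's issuer DN is in the server's advertised list."""
    wanted = normalise_dn(issuer_dn)
    return any(normalise_dn(dn) == wanted for dn in summary["accepted_issuers"])

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
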