Did you set correctly the SERVER Common Name ?
It must match the server name (ie: mybecane.com)
> # CA
> openssl req -new -out ca_req.pem -keyout ca_key.pem
> #pwd:pwd_ca
> #challenge_pwd:ch_ca
> #company name:THE_ORG
>
> # CLIENT
> openssl req -new -out cl_req.pem -keyout cl_key.pem
> #pwd:pwd_cl
> #ch_pwd:ch_cl
> #company name:THE_ORG
> # SERVER
> openssl req -new -out sr_req.pem -keyout sr_key.pem
> #pwd:pwd_sr
> #ch_pwd:ch_sr
> #company name:THE_ORG
> # CA AUTH
> echo "CA AUTH : enter CA password"
> openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem
> #pwd:pwd_ca
> rm ./demoCA/index.txt
> rm ./demoCA/serial
> cat "" > ./demoCA/index.txt
> cat "01" > ./demoCA/serial
>
> # CLIENT AUTH BY CA
> echo "CL AUTH : enter CA password"
> openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem
>-keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
> #pwd:pwd_ca
>
> # SERVER AUTH BY CA
> echo "SR AUTH : enter CA password"
> openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem
>-keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
> #pwd:pwd_ca
>
> # CONVERT SERVER AUTH FROM PEM FORMAT TO DER FORMAT
> openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der
>
> # REMOVE PREVIOUS KEYSTORE
> rm /opt/tomcat-3-2-2/tomcat/conf/keystore
>
> # IMPORT SERVER CERT IN TOMCAT KEYSTORE
> echo "IMPORT SR CERT : enter SR password"
> /usr/java/jdk1.3/bin/keytool -import -v -trustcacerts -alias
>tomcat -file sr_cert.der -keystore
>/opt/tomcat-3-2-2/tomcat/conf/keystore
> #pwd:pwd_sr
>
> # CONVERTING CLIENT CERT INTO NETSCAPE PKCS12 FORMAT
> echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd"
> openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out
>cl_cert.p12
> #pwd:pwd_cl
> #exp_pwd:pwd_cl
>
> # CONNECTION TO THE TOMCAT SERVER
> openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem
>-key cl_key.pem -state
>__________________________________________________
>Voila vous propose une boite aux lettres gratuite sur Voila Mail:
>http://mail.voila.fr
>
>
>
