Okay, I have faced so many problems on this... and finally could do it! Please answer the following questions.

First question: The certificates that you are using on your machine (as client), where do you get them from?

Second: When you connect to the server (https://localhost:8443 or whatever), does your certificate pop up?

cheers
Tathagat

-----Original Message-----
From: Rodrigo Ruiz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 20, 2002 11:42
To: [EMAIL PROTECTED]
Subject: Client Certificates on Tomcat 3.3.1

Hi all,

I'm trying to set up a secure connection between Tomcat 3.3.1 and a Java SOAP client. My SOAP service simply prints out some request data, and also the content of request.getAttribute("javax.servlet.request.X509Certificate"), following some example code I found on the Internet (I'm not sure this code should function).

I have followed the instructions in the xml.apache.org FAQ, and generated all certificates with keytool.

Firstly, I configured Tomcat with clientAuth set to false, and used a basic authentication scheme in my web-app. It worked fine. When connecting through my client, the service prints the following info:

    Authorization: BASIC
    Remote User: tomcat
    Secured: true
    Principal: tomcat
    No client certificate is available

If I set clientAuth to true, it still works, but it keeps showing the "No client certificate available" message.

The big problem comes when I configure my web-app to use the CLIENT-CERT authorization scheme. It simply returns a 401 error code.

Can anyone help me, please??
Thanks in advance,
Rodrigo Ruiz Aguayo

PS: Following is the bat file I'm using to generate the keystores:

    del server.keystore
    del client.keystore
    copy %JAVA_HOME%\jre\lib\security\cacerts .\server.keystore
    copy %JAVA_HOME%\jre\lib\security\cacerts .\client.keystore

    REM Change default passwords
    keytool -storepasswd -keystore server.keystore -storepass changeit -new 123456
    keytool -storepasswd -keystore client.keystore -storepass changeit -new 123456

    REM Create server.keystore
    keytool -genkey -alias tomcat-sv -dname "CN=neyade,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg RSA -keypass 123456 -storepass 123456 -keystore server.keystore
    keytool -export -alias tomcat-sv -storepass 123456 -file server.cer -keystore server.keystore

    REM Import server certificate as a trusted CA in the client keystore
    keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass 123456 -storepass 123456

    REM Create client keystore
    keytool -genkey -alias rruiz -dname "CN=rruiz,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg RSA -keypass 123456 -storepass 123456 -keystore client.keystore
    keytool -export -alias rruiz -storepass 123456 -file rruiz.cer -keystore client.keystore
    keytool -import -v -trustcacerts -alias tomcat -file rruiz.cer -keystore server.keystore -keypass 123456 -storepass 123456
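
An added diagnostic, not part of the original thread and not code from either poster or from Tomcat: it checks the two things the reply asks about, namely which entries in client.keystore can actually be presented as a client certificate, and whether one is sent during the handshake. The class name ClientCertCheck is hypothetical; the keystore name, password, host and port are taken from the messages above, and Java 9 or later is assumed.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        // Assumed values: file name and password from the batch file,
        // host and port from the URL in the reply.
        char[] pass = "123456".toCharArray();
        // Java 9+: detects the keystore type (JKS or PKCS12) from the file.
        KeyStore ks = KeyStore.getInstance(new File("client.keystore"), pass);

        // Only entries that hold a private key can be offered as a client
        // certificate; trusted-certificate entries (cacerts, server.cer) cannot.
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println("key entry " + alias + ": "
                        + c.getSubjectX500Principal());
            }
        }

        // Use the same keystore for the client's key material and its trust anchors.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket("localhost", 8443)) {
            s.startHandshake();
            // null means no client certificate was sent in the handshake.
            Certificate[] sent = s.getSession().getLocalCertificates();
            System.out.println(sent == null
                    ? "no client certificate sent"
                    : "sent: " + ((X509Certificate) sent[0]).getSubjectX500Principal());
        }
    }
}
```

If a key entry is listed but nothing is sent, the client side is in order and the next place to look is which certificates the server is configured to trust.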
