ok, what you have to do is put the certificate provider into your java's security file.
keytool -import blah blah (options) what you have to import are ".PEM" files which you get from the certificate providers. Then IE will popup your certificates. Please read keytool documentation on sun site and most things will be clear of my mail. cheers Tathagat -----Original Message----- From: Rodrigo Ruiz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 20, 2002 16:59 To: Tomcat Users List Subject: Re: Client Certificates on Tomcat 3.3.1 ----- Original Message ----- From: "Tathagat (London)" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Tuesday, August 20, 2002 3:22 PM Subject: RE: Client Certificates on Tomcat 3.3.1 > okay, I have faced so many problems on this.. and finally could do it! > Please answer the following questions. > > First question: The certificates that you are using on your machine (as > client), where do you get them from? I create them with KeyMan from IBM. I have tried to create a X509 Chain, signed with my server key, and also a .PFX file with the same characteristics. None seemed to work. In fact, when I import the certificates into Explorer, it places them into the Medium CA Providers Tab, and not in the "Personal" repository. Is it ok? > > Second: When you connect the server (https://localhost:8443) or whatever), > does your certificate pops up? The browser only pops up the server certificate, not the client one. It looks like it does not send my client certificate at all. > > cheers > Tathagat > > -----Original Message----- > From: Rodrigo Ruiz [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 20, 2002 11:42 > To: [EMAIL PROTECTED] > Subject: Client Certificates on Tomcat 3.3.1 > > > Hi all, > > I'm trying to setup a secure connection between Tomcat 3.3.1 and a java soap > client. > > My soap service simply prints out some request data, and also the content of > > request.getAttribute("javax.servlet.request.X509Certificate") > > Following some example code I found on Internet (I'm not sure this code > should function) > > I have followed the instructions in the xml.apache.org FAQ, and generated > all certificates with keytool. > > Firstly, I configured tomcat with clientAuth set to false, and used a basic > authentication scheme in my web-app. It worked fine. When connecting through > my client, the service prints the next info: > > Authorization: BASIC > Remote User: tomcat > Secured: true > Principal: tomcat > No client certificate is available > > If I set clientAuth to true, it still works, but it keeps showing the "No > client certificate available" message. > > The big problem comes when I configure my web-app to use CLIENT-CERT > authorization scheme. > It simply returns a 401 error code. > > Any one can help me, please?? > > Thanks in advance, > Rodrigo Ruiz Aguayo > > PS: Following is the bat file I'm using to generate the keystores: > > del server.keystore > del client.keystore > > copy %JAVA_HOME%\jre\lib\security\cacerts .\server.keystore > copy %JAVA_HOME%\jre\lib\security\cacerts .\client.keystore > > REM Change default passwords > keytool -storepasswd -keystore server.keystore -storepass changeit -new > 123456 > keytool -storepasswd -keystore client.keystore -storepass changeit -new > 123456 > > REM Create server.keystore > keytool -genkey -alias tomcat-sv -dname > "CN=neyade,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg > RSA -keypass 123456 -storepass 123456 -keystore server.keystore > keytool -export -alias tomcat-sv -storepass 123456 -file > server.cer -keystore server.keystore > > REM Import server certificate as a trusted CA in the client keystore > keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore > client.keystore -keypass 123456 -storepass 123456 > > REM Create client keystore > keytool -genkey -alias rruiz -dname > "CN=rruiz,OU=InnerGrid,O=GridSystems,L=Palma,S=Baleares,C=ES" -keyalg > RSA -keypass 123456 -storepass 123456 -keystore client.keystore > keytool -export -alias rruiz -storepass 123456 -file rruiz.cer -keystore > client.keystore > > keytool -import -v -trustcacerts -alias tomcat -file rruiz.cer -keystore > server.keystore -keypass 123456 -storepass 123456 > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > ---------------------------------------------------------------------- > If you have received this e-mail in error or wish to read our e-mail > disclaimer statement and monitoring policy, please refer to > http://www.drkw.com/disc/email/ or contact the sender. > ---------------------------------------------------------------------- > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> ---------------------------------------------------------------------- If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender. ---------------------------------------------------------------------- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
