It works, thanks a lot for your help. ----- Original Message ----- From: "Mario Ivankovits" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, June 10, 2003 9:36 AM Subject: Re: SSL client authentication with tomcat 4.1.24
> You have to import the root CA into the java cacerts keystore > > Assuming a windows-java installation in "C:\j2sdk" the location is: > C:\j2sdk\jre\lib\security\cacerts > > using > > > cd C:\j2sdk\jre\lib\security > > keytool -import -keystore cacerts -storepass changeit -file > the-root-ca.cer > > did the job for me. > > Mario > ----- Original Message ----- > From: "Duma Rolando" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Tuesday, June 10, 2003 9:24 AM > Subject: Re: SSL client authentication with tomcat 4.1.24 > > > > I'm still having trouble with my setup. > > These are my keystore entries: > > > > Tipo keystore: jks > > Provider keystore: SUN > > > > Il keystore contiene 3 entry > > > > scai, 10-giu-2003, keyEntry, > > Impronta digitale certificato (MD5): > > D5:FC:34:5E:12:03:CD:29:84:18:C9:4C:33:07:6C:5D > > _dgripbmo, 10-giu-2003, trustedCertEntry, > > Impronta digitale certificato (MD5): > > F5:ED:E9:B2:D9:71:F9:B6:6F:E9:39:27:4D:0A:A4:F7 > > dumarolando, 10-giu-2003, trustedCertEntry, > > Impronta digitale certificato (MD5): > > E6:8D:22:29:5C:33:20:52:10:75:6A:8E:5D:03:4C:B3 > > > > The second item is the CA certificate that signs my personal certificate, > > the last is my personal certificate present also in my IE Personal > > certificates tab.If nothing is missing and the browser still pops up an > > empty personal certificate list, maybe there is a problem with the > > cryptographic providers or with the encription algorithms used? > > As a note my personal certificate is stored on a Gemplus smartcard > connected > > with a USB reader all works fine if I connect to an Apache server with > > mod_ssl. > > > > ----- Original Message ----- > > From: "Bill Barker" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Saturday, June 07, 2003 5:33 AM > > Subject: Re: SSL client authentication with tomcat 4.1.24 > > > > > > > I believe that the Sun 1.4 JVM ships with the certs for Verisign and > > Thawte > > > (to verify this, search the java.sun.com site). To allow OpenExchange > > > signed certs, you need to get the signing cert (not hard), and import it > > > into cacerts. > > > > > > "Mario Ivankovits" <[EMAIL PROTECTED]> wrote in message > > > news:[EMAIL PROTECTED] > > > > For me, it looks like some certificates cant be read by tomcat/ssl. > > > > > > > > So, my Thawte FreeMail Member certificate works, but the certificate > > > > generated by SuSE OpenExchange wont work. > > > > > > > > I havent figured out what the difference could be for now. > > > > > > > > Mario > > > > > > > > ----- Original Message ----- > > > > From: "Duma Rolando" <[EMAIL PROTECTED]> > > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > > > Sent: Friday, June 06, 2003 1:40 PM > > > > Subject: Re: SSL client authentication with tomcat 4.1.24 > > > > > > > > > > > > > I have already imported my certificate.This is correctly showed if I > > > > connect > > > > > to an apache + mod-ssl server with "SSLVerifyClient require" > > directive, > > > so > > > > I > > > > > think the problem belongs to Tomcat SSL implementation or its > > > > configuration. > > > > > That's why I'm looking for people with positive experience on this > > kind > > > of > > > > > setup. > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Bodycombe, Andrew" <[EMAIL PROTECTED]> > > > > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > > > > Sent: Friday, June 06, 2003 12:58 PM > > > > > Subject: RE: SSL client authentication with tomcat 4.1.24 > > > > > > > > > > > > > > > > You need to import your personal certificate into your browser. > > > > > > > > > > > > In IE: > > > > > > Select 'Internet Options' from the Tools Menu > > > > > > Select the Content tab > > > > > > Press the certificates button > > > > > > > > > > > > This takes you to the screen showing all your certificates > > > > > > Select the 'Personal' tab > > > > > > Press Import to import your certificate > > > > > > > > > > > > Andy > > > > > > > > > > > > -----Original Message----- > > > > > > From: Duma Rolando [mailto:[EMAIL PROTECTED] > > > > > > Sent: 06 June 2003 11:31 > > > > > > To: Tomcat Mailing List > > > > > > Subject: SSL client authentication with tomcat 4.1.24 > > > > > > > > > > > > > > > > > > Is there anyone that have a running tomcat 4.1.24 standalone > server > > > with > > > > > SSL > > > > > > and clientAuth="true"? > > > > > > My current config doesn't work ( i.e. Internet Explorer doesn't > > > display > > > > my > > > > > > personal certificate, Mozilla displays an error message ).I tried > > with > > > > > only > > > > > > one SSL connector on port 443 and with also an http connector on > > port > > > 80 > > > > > > without success.I would like to know if I'm wasting time or there > > are > > > > > > "success stories" about this in this community. > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]