Hi Bill & Everyone else,
> For JSSE, you need to have the signer in cacerts at the moment for
> Tomcat to include it in the list of signers it wants. PureTLS allows
> you to configure the list (without being root), but other problems
> mean that you can only use it in TC 5 HEAD at the moment.
>
> Of course, the Tomcat support for CLIENT-CERT is pretty minimal at the
> moment. Only the (deprecated) MemoryRealm supports it (unless you
> write your own Realm).
Thanks for the information regarding the cacerts file and JSSE. After checking the configuration, I discovered that I was missing the cacerts file and have installed it into the proper directory under the $JAVA_HOME/lib/security directory hierarchy.
Unfortunately, this didn't change anything, as IE is still popping up a blank box for me to select my certificate. Does the "CA" certificate have to belong to any particular "alias" for JSSE to work? I have tried installing it as "-trustcacerts" and a normal import into the alias "root" and "tomcat" without any success.
You don't need to do anything special to get the root CA into the keystore, do you? I am simply taking the CA certificate as a .pem along with the key, converting them to .der and then doing an import.
Do you happen to have any more ideas as to what is happening here or how I might be able to resolve it? I am quite happy to send a copy of the commands I am using off the list so that you can see the process that I am going through.
Thanks in advance.
Dean Thompson
