Hi. Faced with very odd behavior of Tomcat 7...
I have two instances on the same box: Tomcat 5.5 and Tomcat 7. Both have the same configuration. First, from 5.5:

    <Connector port="${port.https}" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS"
               keystoreFile="conf/.ssl/tomcat.jks" keyAlias="tomcat" keystorePass="pass"
               truststoreFile="conf/.ssl/trustcacerts.jks" truststorePass="pass" />

Next, from 7.0:

    <Connector port="${port.https}" protocol="HTTP/1.1" SSLEnabled="true"
               enableLookups="false" disableUploadTimeout="true"
               scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS"
               keystoreFile="conf/.ssl/tomcat.jks" keyAlias="tomcat" keystorePass="pass"
               truststoreFile="conf/.ssl/trustcacerts.jks" truststorePass="pass" />

Also, both are configured for CLIENT-CERT authentication (same application with the same web.xml). The cert is installed in the browser, but when I try to open a connection to Tomcat 7, I get "401 - Cannot authenticate with the provided credentials" and there is no authentication attempt in the log:

    10.***.***.15 - - [02/Jun/2014:17:10:31 +0300] "GET /service/ HTTP/1.1" 401 1049

But the connection to 5.5 is successful with the same browser and certificate.
Also, in ssldump I see that the browser can't make a "handshake" with the 7.0 server:

    1 2 0.0317 (0.0308) S>C Handshake
        ServerHello
          Version 3.1
          session_id[32]=
            53 8c 85 d7 cf 17 a1 45 8a 4e 64 e6 95 7f 2b f3
            cb 74 0a f3 13 40 71 e8 74 50 53 1a 00 24 a0 76
          cipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA
          compressionMethod NULL
        Certificate
        ServerKeyExchange
        CertificateRequest
          certificate_types rsa_sign
          certificate_types dss_sign
          certificate_authority
            30 62 31 0b 30 09 06 03 55 04 06 13 02 55 41 31
            10 30 0e 06 03 55 04 08 13 07 55 6e 6b 6e 6f 77
            6e 31 0d 30 0b 06 03 55 04 07 13 04 4b 69 65 76
            31 0f 30 0d 06 03 55 04 0a 13 06 4c 75 78 6f 66
            74 31 0c 30 0a 06 03 55 04 0b 13 03 4c 4d 53 31
            13 30 11 06 03 55 04 03 13 0a 61 7a 69 6e 63 68
            65 6e 6b 6f
          certificate_authority
            30 60 31 0b 30 09 06 03 55 04 06 13 02 55 41 31
    // and that's all

But on 5.5 everything is OK:

    1 2 0.0213 (0.0195) S>C Handshake
        ServerHello
          Version 3.1
          session_id[32]=
            53 8c 85 89 be 1f c5 63 e2 16 a0 a0 dc 5b aa 68
            0d 1c 8d b7 24 c5 13 0a 24 0a 66 9b 54 f4 b0 0f
          cipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA
          compressionMethod NULL
        Certificate
        ServerKeyExchange
        ServerHelloDone
    1 3 0.0256 (0.0042) C>S Handshake
        ClientKeyExchange
          DiffieHellmanClientPublicValue[96]=
            4a 39 5e f5 2a c1 58 13 6b 7c 98 0b 44 d7 9a 42
            bf 48 c2 6e a4 c6 6d 50 a7 89 8f 53 a4 54 92 a5
            81 18 1b 22 63 cf c1 63 8f 36 9f d2 59 c3 3e 67
            1f 4e 18 01 db f2 9d 07 0b 81 12 39 64 62 83 84
            78 dc 36 9b 00 34 f5 34 44 2d 92 eb d9 f6 b0 7e
            c4 66 d9 ad f2 bf 7f fb 07 56 eb 58 5d 58 41 2e

What am I doing wrong? Thanks.
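
Added example (not part of the original post): a small Python check that lists the handshake messages in each ssldump capture and reports whether the server asked for a client certificate and whether its flight reached ServerHelloDone, the message a TLS client waits for before replying. The function names and the abridged trace strings are assumptions made for this example; the traces copy the message names from the post with the hex bytes left out.

```python
import re

# Record header as printed by ssldump: "<conn> <rec> <time> (<delta>) S>C Handshake"
RECORD = re.compile(r"\d+ \d+\s+[\d.]+\s+\([\d.]+\)\s+(S>C|C>S)\s+(\w+)")
# Handshake message names, case-sensitive and whole words only, so fields such as
# "certificate_types" or "DiffieHellmanClientPublicValue" are not counted.
MESSAGE = re.compile(r"\b(ClientHello|ServerHelloDone|ServerHello|CertificateRequest|"
                     r"CertificateVerify|Certificate|ServerKeyExchange|"
                     r"ClientKeyExchange|Finished)\b")

def handshake_messages(trace, direction):
    """Return the handshake message names in records travelling `direction`."""
    found = []
    headers = list(RECORD.finditer(trace))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(trace)
        if h.group(1) == direction and h.group(2) == "Handshake":
            found += MESSAGE.findall(trace[h.end():end])
    return found

def summarize(trace):
    """Summarize what the capture shows about client-certificate negotiation."""
    server = handshake_messages(trace, "S>C")
    return {
        "client_cert_requested": "CertificateRequest" in server,
        "server_flight_complete": "ServerHelloDone" in server,
        "client_replied": bool(handshake_messages(trace, "C>S")),
    }

# Constructed sample input: abridged copies of the two traces in the post.
TOMCAT7 = """1 2 0.0317 (0.0308) S>C Handshake
  ServerHello Version 3.1 cipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  Certificate ServerKeyExchange CertificateRequest
  certificate_types rsa_sign certificate_types dss_sign certificate_authority"""
TOMCAT55 = """1 2 0.0213 (0.0195) S>C Handshake
  ServerHello Version 3.1 cipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  Certificate ServerKeyExchange ServerHelloDone
1 3 0.0256 (0.0042) C>S Handshake
  ClientKeyExchange DiffieHellmanClientPublicValue[96]="""

if __name__ == "__main__":
    for name, trace in (("Tomcat 7", TOMCAT7), ("Tomcat 5.5", TOMCAT55)):
        print(name, summarize(trace))
```

On these inputs the Tomcat 7 capture shows a CertificateRequest with no ServerHelloDone and no client reply, while the 5.5 capture shows a completed server flight that contains no CertificateRequest.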