On 9/22/21 12:25, Mandava, Sreevidya wrote:
Tomcat version : 8.5.70

Attached my self -signed client cert(ecdsatestclient.crt_txt), self signed CA (rsatestca_original.crt_txt)output from openssl (defaultciphersuite.txt) my connector configuration(connector.txt)

Your attachment has been stripped. Please copy/paste your certificate in PEM-encoded-DER format (i.e. -----BEGIN CERTIFICATE-----) into the body of your post.

Problem: We have a client that is connecting to tomcat with an ECC cert signed by a RSA signer.

That would be a very odd configuration indeed.

Client authentication is enabled in tomcat. They are seeing handshake
failures in ClientKeyExchange/Certificate Verify stage.
Do you have a specific error message and/or stack trace?

Why is there difference between the “certificate types” and
“signature algorithms”? Where/how  does tomcat get the values for
“certificate types” and “supported signature algorithms”?
Certificate types are usually "RSA" or "EC" (or maybe "DSA") and sometimes just, generically, X.509. Signature algorithms are typically things like "sha256withRSAencryption", etc.

Having the certificate itself would be very helpful in trying to debug this issue.


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to