There isn't a problem here :). When Tomcat (or more correctly JSSE) sees an expired certificate, it just stops talking to the client, leaving the client to have to guess the reason.
There are various patches in BZ to warn on expired certs (mostly against TC 5), but none that have been implemented. "yuanyuan" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Dear Sir/Madam, I am test SSL connection with Tomcat5.0.28 and j2sdk1.4.1_06. Below is the setting of my Tomcat for SSL: <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" truststoreFile="C:\keystore\ACS.keystore" truststorePass="changeit" keystoreFile="C:\keystore\ACS.keystore" keystorePass="changeit" keystoreType="JKS"/> It works ok with the valid client cert. But when I test with expired client cert, the client side will receive fatal alert: certificate_unknown but not the expected result fatal alert: certificate_expired. Any idea of which part may cause the problem? Thank you. Best regards Yuanyuan WizVision Pte Ltd (Regn. No.: 200002982E) 451 Joo Chiat Road #04-07 Katong Junction Singapore 427664 Tel: (+65) 6336-3340 Fax: (+65) 6392-0790 URL: http://www.WizVision.com [ This email and any attachments transmitted with it are confidential and intended solely for the named recipient(s) only. If you are not the intended recipient, you must not copy, disclose, disseminate or otherwise make use of the information. If you have received this email in error, please immediately notify the sender and permanently delete or destroy the original copy or any copy of this email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. ] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
