The client reports the error, which I presumed came as a response from
the server.

-----Original Message-----
From: Pid [mailto:p...@pidster.com] 
Sent: 12 January 2010 17:30
To: Tomcat Users List
Subject: Re: Client authentication problems

On 12/01/2010 16:32, John Watson wrote:
> Dear tomcat users,
>
>
>
> I run tomcat 6.0.18 under java 6 and am attempting to set up client
> authentication via SSL.  I have followed the instructions here:
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html, with Tomcat
> using the default SSL implementation. We act as our own CA, so I have
> set up java keystores at both server and client, each of which has the
> same CA certificate, but a distinct actual certificate. I am attempting
> to test using HttpClient as described here:
> http://hc.apache.org/httpclient-3.x/sslguide.html and am using
> AuthSSLProtocolSocketFactory.
>
>
>
> The client gets hold of the server certificates OK but then the test
> fails with the error:
>
>
>
> Fatal transport error: Received fatal alert: certificate_unknown
>
> javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
>          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source).....
>
>
>
> I see no sign of any logging of the SSL handshake at the server side.

Which side is seeing the error?  The client or the server?


p


> If I switch off client authentication (in server.xml) at the server,
> everything's fine.  Similarly, if I actually use the keystore that
> contains the server certs at the client side, all's OK too.
>
>
>
> I'd appreciate any help you can give - particularly if you can help me
> log the SSL handshake at the server to try to figure out what's
> happening.
>
>
>
> Cheers
>
>
>
> John Watson
>
>
>
> **********************************************************************
>
> Satellite Information Services Limited. Registered Office: 17 Corsham
> Street, London, N1 6DR. Company No. 4243307
>
> The information in this email (which includes any files transmitted
> with it) is confidential and is intended for the addressee only.
> Unauthorized recipients are required to maintain confidentiality. If you
> have received this email in error please notify the sender immediately,
> destroy any copies and delete it from your computer system.
>
> **********************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
