On 30/06/2010 22:07, Ralph Carlson wrote:
> tomcat version 6.0.20
> os: windows xp sp3 professional edition
> sun java jdk 1.5.11
>
> I am trying to do the following
> (a) create a certificate authority and self sign server and client
> certificates using openssl and keytool
> (b) import the keytool keystore into tomcat
> (c) verify the certificate chain using openssl verify (which does work and
> returns ok for all 3 certificates)
> (d) have client Authorization on - with it off tomcat ssl works just fine,
> when it's turned on I get this error

Which error? What is in the Tomcat logs when the problem occurs?

> so far I have been following the steps listed in this tomcat user group
> message
> http://marc.info/?l=tomcat-user&m=106293430225790&w=2

How did you configure Tomcat to use the certificates in (b)?
What is your Tomcat Connector config in server.xml?

p

> but get this message from openssl s_client -cert c:\ssl\client\client.pem
> -CAfile c:\ssl\ca\ca.pem -connect localhost:443
>
> 3772:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
> unknown:.\ssl\s3_pkt.c:1061:SSL alert number 46
> 3772:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:.\ssl\s23_lib.c:188:
>
> and these messages from firefox (after importing the certificate)
> initially 'sslv3 alert certificate unknown' , then just 'SSL peer was not
> expecting a handshake message it received' after a few tries
>
> does anyone know how to do this or has anyone done this before,
> thanks for your help in advance
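
Steps (a) and (c) of the quoted message, reproduced as an added example that is not from either poster: a throwaway CA signs a server and a client certificate, and `openssl verify` checks each leaf against the CA, including the failing case of a CA that did not issue it. It assumes a POSIX shell with `openssl` on the PATH instead of the Windows paths in the thread; all file names, subject names and function names are constructed.

```shell
#!/bin/sh
# Constructed example: every file and subject name below is made up.

make_ca() {     # $1 = output prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {  # $1 = CA prefix, $2 = leaf prefix, $3 = leaf common name
    # Key and signing request for the leaf, then sign the request with the CA key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}

chain_ok() {    # $1 = CA certificate, $2 = leaf certificate
    # Exit status 0 only when the leaf chains to exactly this CA.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/ca" "Example Test CA" &&
    make_ca "$dir/other" "Unrelated Test CA" &&
    issue_cert "$dir/ca" "$dir/server" "localhost" &&
    issue_cert "$dir/ca" "$dir/client" "example-client" || return 1

    for leaf in server client; do
        if chain_ok "$dir/ca.pem" "$dir/$leaf.pem"; then
            echo "$leaf.pem: chains to ca.pem"
        else
            echo "$leaf.pem: does NOT chain to ca.pem"
        fi
    done
    # The same client certificate checked against a CA that never signed it.
    chain_ok "$dir/other.pem" "$dir/client.pem" ||
        echo "client.pem: rejected when checked against other.pem"
    rm -rf "$dir"
}

demo
```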