Client authentication using Keystores...

2005-06-07 Thread Manuel Gil Perez

Hi all,

I would like to enrol my server to accept authenticated connections from 
authorized parties using X.509 certificates. I follow the instructions 
indicated in SSL Configuration HOW-TO 
(http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html) and I 
generate my keystore file with the certificate/private key of the web server 
and the CA certificate.


The client authentication only works if I add the CA certificate into the 
$JAVA_HOME/jre/lib/security/cacerts. If the Tomcat keystore contains the CA 
certificate but not the JDK keystore... the client authentication fails.


Can somebody tell me how I can manage these keystores and add only the CA 
certificate to the Tomcat keystore... leaving the original JDK keystore 
intact??


Thanks!

--
Manuel Gil Pérez




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Client authentication using Keystores...

2005-06-07 Thread Mark Thomas

Manuel Gil Perez wrote:
> The client authentication only works if I add the CA certificate into 
> the $JAVA_HOME/jre/lib/security/cacerts. If the Tomcat keystore contains 
> the CA certificate but not the JDK keystore... the client authentication 
> fails.


AFAIK this can't be done without some custom code. 
http://issues.apache.org/bugzilla/show_bug.cgi?id=34643 should provide 
you with some pointers.


Mark
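
The behaviour asked about in this thread, shown as an added example that is not from either poster or from Tomcat: a plain JSSE server that requires client certificates and takes its trust anchors only from a dedicated keystore, so the JDK `cacerts` file is never consulted or modified. The file names `server.jks` and `clientca.jks`, the password and the port are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

public class ClientAuthServer {
    // Load a JKS keystore from disk (path and password are placeholders).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext whose trust anchors come only from trustStore.
    static SSLContext context(KeyStore identity, char[] keyPw, KeyStore trustStore) throws Exception {
        // Fail early if the truststore has no CA entries: an empty anchor set
        // would otherwise only surface as handshake failures later.
        boolean hasCa = false;
        for (String alias : Collections.list(trustStore.aliases())) {
            hasCa |= trustStore.isCertificateEntry(alias);
        }
        if (!hasCa) throw new IllegalStateException("truststore has no trusted certificate entries");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPw);
        // Passing an explicit KeyStore here (not null) keeps the default cacerts out of the picture.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();          // placeholder password
        KeyStore identity = load("server.jks", pw);    // server certificate + private key
        KeyStore trust = load("clientca.jks", pw);     // only the CA that issues client certificates
        SSLContext ctx = context(identity, pw, trust);
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true);            // reject clients that present no certificate
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.startHandshake();                    // fails unless the client chain ends at our CA
                System.out.println("Client: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```

Keeping the client-issuing CA in its own truststore also limits who can authenticate: certificates issued by the public CAs shipped in `cacerts` are not accepted.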
