Re: SSL client authentication with tomcat 4.1.24
It works! Thank you - Original Message - From: Bill Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, June 07, 2003 5:33 AM Subject: Re: SSL client authentication with tomcat 4.1.24 I believe that the Sun 1.4 JVM ships with the certs for Verisign and Thawte (to verify this, search the java.sun.com site). To allow OpenExchange signed certs, you need to get the signing cert (not hard), and import it into cacerts. Mario Ivankovits [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] For me, it looks like some certificates cant be read by tomcat/ssl. So, my Thawte FreeMail Member certificate works, but the certificate generated by SuSE OpenExchange wont work. I havent figured out what the difference could be for now. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, June 06, 2003 1:40 PM Subject: Re: SSL client authentication with tomcat 4.1.24 I have already imported my certificate.This is correctly showed if I connect to an apache + mod-ssl server with SSLVerifyClient require directive, so I think the problem belongs to Tomcat SSL implementation or its configuration. That's why I'm looking for people with positive experience on this kind of setup. - Original Message - From: Bodycombe, Andrew [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:58 PM Subject: RE: SSL client authentication with tomcat 4.1.24 You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL client authentication with tomcat 4.1.24
I'm still having trouble with my setup. These are my keystore entries: Tipo keystore: jks Provider keystore: SUN Il keystore contiene 3 entry scai, 10-giu-2003, keyEntry, Impronta digitale certificato (MD5): D5:FC:34:5E:12:03:CD:29:84:18:C9:4C:33:07:6C:5D _dgripbmo, 10-giu-2003, trustedCertEntry, Impronta digitale certificato (MD5): F5:ED:E9:B2:D9:71:F9:B6:6F:E9:39:27:4D:0A:A4:F7 dumarolando, 10-giu-2003, trustedCertEntry, Impronta digitale certificato (MD5): E6:8D:22:29:5C:33:20:52:10:75:6A:8E:5D:03:4C:B3 The second item is the CA certificate that signs my personal certificate, the last is my personal certificate present also in my IE Personal certificates tab.If nothing is missing and the browser still pops up an empty personal certificate list, maybe there is a problem with the cryptographic providers or with the encription algorithms used? As a note my personal certificate is stored on a Gemplus smartcard connected with a USB reader all works fine if I connect to an Apache server with mod_ssl. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, June 07, 2003 5:33 AM Subject: Re: SSL client authentication with tomcat 4.1.24 I believe that the Sun 1.4 JVM ships with the certs for Verisign and Thawte (to verify this, search the java.sun.com site). To allow OpenExchange signed certs, you need to get the signing cert (not hard), and import it into cacerts. Mario Ivankovits [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] For me, it looks like some certificates cant be read by tomcat/ssl. So, my Thawte FreeMail Member certificate works, but the certificate generated by SuSE OpenExchange wont work. I havent figured out what the difference could be for now. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, June 06, 2003 1:40 PM Subject: Re: SSL client authentication with tomcat 4.1.24 I have already imported my certificate.This is correctly showed if I connect to an apache + mod-ssl server with SSLVerifyClient require directive, so I think the problem belongs to Tomcat SSL implementation or its configuration. That's why I'm looking for people with positive experience on this kind of setup. - Original Message - From: Bodycombe, Andrew [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:58 PM Subject: RE: SSL client authentication with tomcat 4.1.24 You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL client authentication with tomcat 4.1.24
You have to import the root CA into the java cacerts keystore Assuming a windows-java installation in C:\j2sdk the location is: C:\j2sdk\jre\lib\security\cacerts using cd C:\j2sdk\jre\lib\security keytool -import -keystore cacerts -storepass changeit -file the-root-ca.cer did the job for me. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 9:24 AM Subject: Re: SSL client authentication with tomcat 4.1.24 I'm still having trouble with my setup. These are my keystore entries: Tipo keystore: jks Provider keystore: SUN Il keystore contiene 3 entry scai, 10-giu-2003, keyEntry, Impronta digitale certificato (MD5): D5:FC:34:5E:12:03:CD:29:84:18:C9:4C:33:07:6C:5D _dgripbmo, 10-giu-2003, trustedCertEntry, Impronta digitale certificato (MD5): F5:ED:E9:B2:D9:71:F9:B6:6F:E9:39:27:4D:0A:A4:F7 dumarolando, 10-giu-2003, trustedCertEntry, Impronta digitale certificato (MD5): E6:8D:22:29:5C:33:20:52:10:75:6A:8E:5D:03:4C:B3 The second item is the CA certificate that signs my personal certificate, the last is my personal certificate present also in my IE Personal certificates tab.If nothing is missing and the browser still pops up an empty personal certificate list, maybe there is a problem with the cryptographic providers or with the encription algorithms used? As a note my personal certificate is stored on a Gemplus smartcard connected with a USB reader all works fine if I connect to an Apache server with mod_ssl. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, June 07, 2003 5:33 AM Subject: Re: SSL client authentication with tomcat 4.1.24 I believe that the Sun 1.4 JVM ships with the certs for Verisign and Thawte (to verify this, search the java.sun.com site). To allow OpenExchange signed certs, you need to get the signing cert (not hard), and import it into cacerts. Mario Ivankovits [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] For me, it looks like some certificates cant be read by tomcat/ssl. So, my Thawte FreeMail Member certificate works, but the certificate generated by SuSE OpenExchange wont work. I havent figured out what the difference could be for now. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, June 06, 2003 1:40 PM Subject: Re: SSL client authentication with tomcat 4.1.24 I have already imported my certificate.This is correctly showed if I connect to an apache + mod-ssl server with SSLVerifyClient require directive, so I think the problem belongs to Tomcat SSL implementation or its configuration. That's why I'm looking for people with positive experience on this kind of setup. - Original Message - From: Bodycombe, Andrew [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:58 PM Subject: RE: SSL client authentication with tomcat 4.1.24 You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: SSL client authentication with tomcat 4.1.24
It works, thanks a lot for your help. - Original Message - From: Mario Ivankovits [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 9:36 AM Subject: Re: SSL client authentication with tomcat 4.1.24 You have to import the root CA into the java cacerts keystore Assuming a windows-java installation in C:\j2sdk the location is: C:\j2sdk\jre\lib\security\cacerts using cd C:\j2sdk\jre\lib\security keytool -import -keystore cacerts -storepass changeit -file the-root-ca.cer did the job for me. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 9:24 AM Subject: Re: SSL client authentication with tomcat 4.1.24 I'm still having trouble with my setup. These are my keystore entries: Tipo keystore: jks Provider keystore: SUN Il keystore contiene 3 entry scai, 10-giu-2003, keyEntry, Impronta digitale certificato (MD5): D5:FC:34:5E:12:03:CD:29:84:18:C9:4C:33:07:6C:5D _dgripbmo, 10-giu-2003, trustedCertEntry, Impronta digitale certificato (MD5): F5:ED:E9:B2:D9:71:F9:B6:6F:E9:39:27:4D:0A:A4:F7 dumarolando, 10-giu-2003, trustedCertEntry, Impronta digitale certificato (MD5): E6:8D:22:29:5C:33:20:52:10:75:6A:8E:5D:03:4C:B3 The second item is the CA certificate that signs my personal certificate, the last is my personal certificate present also in my IE Personal certificates tab.If nothing is missing and the browser still pops up an empty personal certificate list, maybe there is a problem with the cryptographic providers or with the encription algorithms used? As a note my personal certificate is stored on a Gemplus smartcard connected with a USB reader all works fine if I connect to an Apache server with mod_ssl. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, June 07, 2003 5:33 AM Subject: Re: SSL client authentication with tomcat 4.1.24 I believe that the Sun 1.4 JVM ships with the certs for Verisign and Thawte (to verify this, search the java.sun.com site). To allow OpenExchange signed certs, you need to get the signing cert (not hard), and import it into cacerts. Mario Ivankovits [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] For me, it looks like some certificates cant be read by tomcat/ssl. So, my Thawte FreeMail Member certificate works, but the certificate generated by SuSE OpenExchange wont work. I havent figured out what the difference could be for now. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, June 06, 2003 1:40 PM Subject: Re: SSL client authentication with tomcat 4.1.24 I have already imported my certificate.This is correctly showed if I connect to an apache + mod-ssl server with SSLVerifyClient require directive, so I think the problem belongs to Tomcat SSL implementation or its configuration. That's why I'm looking for people with positive experience on this kind of setup. - Original Message - From: Bodycombe, Andrew [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:58 PM Subject: RE: SSL client authentication with tomcat 4.1.24 You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE: SSL client authentication with tomcat 4.1.24
You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL client authentication with tomcat 4.1.24
I have already imported my certificate.This is correctly showed if I connect to an apache + mod-ssl server with SSLVerifyClient require directive, so I think the problem belongs to Tomcat SSL implementation or its configuration. That's why I'm looking for people with positive experience on this kind of setup. - Original Message - From: Bodycombe, Andrew [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:58 PM Subject: RE: SSL client authentication with tomcat 4.1.24 You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL client authentication with tomcat 4.1.24
For me, it looks like some certificates cant be read by tomcat/ssl. So, my Thawte FreeMail Member certificate works, but the certificate generated by SuSE OpenExchange wont work. I havent figured out what the difference could be for now. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, June 06, 2003 1:40 PM Subject: Re: SSL client authentication with tomcat 4.1.24 I have already imported my certificate.This is correctly showed if I connect to an apache + mod-ssl server with SSLVerifyClient require directive, so I think the problem belongs to Tomcat SSL implementation or its configuration. That's why I'm looking for people with positive experience on this kind of setup. - Original Message - From: Bodycombe, Andrew [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:58 PM Subject: RE: SSL client authentication with tomcat 4.1.24 You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL client authentication with tomcat 4.1.24
I believe that the Sun 1.4 JVM ships with the certs for Verisign and Thawte (to verify this, search the java.sun.com site). To allow OpenExchange signed certs, you need to get the signing cert (not hard), and import it into cacerts. Mario Ivankovits [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] For me, it looks like some certificates cant be read by tomcat/ssl. So, my Thawte FreeMail Member certificate works, but the certificate generated by SuSE OpenExchange wont work. I havent figured out what the difference could be for now. Mario - Original Message - From: Duma Rolando [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, June 06, 2003 1:40 PM Subject: Re: SSL client authentication with tomcat 4.1.24 I have already imported my certificate.This is correctly showed if I connect to an apache + mod-ssl server with SSLVerifyClient require directive, so I think the problem belongs to Tomcat SSL implementation or its configuration. That's why I'm looking for people with positive experience on this kind of setup. - Original Message - From: Bodycombe, Andrew [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:58 PM Subject: RE: SSL client authentication with tomcat 4.1.24 You need to import your personal certificate into your browser. In IE: Select 'Internet Options' from the Tools Menu Select the Content tab Press the certificates button This takes you to the screen showing all your certificates Select the 'Personal' tab Press Import to import your certificate Andy -Original Message- From: Duma Rolando [mailto:[EMAIL PROTECTED] Sent: 06 June 2003 11:31 To: Tomcat Mailing List Subject: SSL client authentication with tomcat 4.1.24 Is there anyone that have a running tomcat 4.1.24 standalone server with SSL and clientAuth=true? My current config doesn't work ( i.e. Internet Explorer doesn't display my personal certificate, Mozilla displays an error message ).I tried with only one SSL connector on port 443 and with also an http connector on port 80 without success.I would like to know if I'm wasting time or there are success stories about this in this community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
