RE: Tomcat SSL client authentication problem with Internet Explore

2003-08-22 Thread Ratón Lacarcel, Antonio 
Hi again...

CA cert is installed in MSIE's root certificates (also in  Mozilla root certificates) 
but the box is still empty.

Any idea?

Thank you!!!

-Mensaje original-
De: Bill Barker [mailto:[EMAIL PROTECTED]
Enviado el: viernes, 22 de agosto de 2003 6:17
Para: [EMAIL PROTECTED]
Asunto: Re: Tomcat SSL client authentication problem with Internet
Explore


I'm guessing that you didn't install your CA's cert in MSIE's root
certificates.  Since Tomcat will ask for certs signed by your CA, if MSIE
can't find any (that it can verify the chain with), you get an empty box.

Ratón Lacarcel, Antonio [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi!

I have a problem with Tomcat 4.0.6 and SSL client authentication. When I use
the Internet Explorer browser (v6.0) and I try to access the secure URL (for
example https://whatever:8043), an empty list of certificates is presented.
However, if I use Mozilla 1.4 or Netscape  4.76, the client certificates are
presented and the secure pages are available.

The following environment is used:

 + jdk1.3.1_08
 + Microsoft Certificate Server
 + Tomcat 4.0.6

My server.xml file has the following element:

  Connector className=org.apache.coyote.tomcat4.CoyoteConnector
   port=8443 minProcessors=5 maxProcessors=75
   enableLookups=true
   acceptCount=10 debug=3  scheme=https secure=true
connectionTimeout=2
   useURIValidationHack=false
Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory
   clientAuth=true
   keystoreFile=C:\Documents and Settings\araton\.keystore
   keystorePass=changeit protocol=TLS/
/Connector

I have also created the keystores and the cacerts (for trusted certificates)
files. Tomcat also finds the cacerts file because I've added the following
parameters in the Tomcat enviroment variables (and because I've seen it in
the debug console):
-Djavax.net.ssl.trustStore=c:\path_to_cacerts\cacerts
-Djavax.net.ssl.trustStorePassword=changeit

I have defined my own CA, my server-tomcat certificate signed by the CA and
in order to create the client certificates, I've used the Certificate Server
web tool, asking for a web certificate using each browser
(Netscape-IE-Mozilla) and installing the client certificate from the
browser.

Could you help me please?

If more info is needed, please tell it to me and I will try to explain the
problem with higher detail.

Thanks in advance and sorry if my english is too simple...

Antonio Ratón

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.511 / Virus Database: 308 - Release Date: 18/08/2003


---
Este correo electrónico y, en su caso, cualquier fichero anexo al mismo,
contiene información de carácter confidencial exclusivamente dirigida a su
destinatario o destinatarios. Queda prohibida su divulgación, copia o
distribución a terceros sin la previa autorización escrita de Indra. En el
caso de haber recibido este correo electrónico por error, se ruega notificar
inmediatamente esta circunstancia mediante reenvío a la dirección
electrónica del remitente.

The information in this e-mail and in any attachments is confidential and
solely for the attention and use of the named addressee(s). You are hereby
notified that any dissemination, distribution or copy of this communication
is prohibited without the prior written consent of Indra. If you have
received this communication in error, please, notify the sender by reply
e-mail




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.511 / Virus Database: 308 - Release Date: 18/08/2003


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.511 / Virus Database: 308 - Release Date: 18/08/2003

---
Este correo electrónico y, en su caso, cualquier fichero anexo al mismo, contiene 
información de carácter confidencial exclusivamente dirigida a su destinatario o 
destinatarios. Queda prohibida su divulgación, copia o distribución a terceros sin la 
previa autorización escrita de Indra. En el caso de haber recibido este correo 
electrónico por error, se ruega notificar inmediatamente esta circunstancia mediante 
reenvío a la dirección electrónica del remitente.

The information in this e-mail and in any attachments is confidential and solely for 
the attention and use of the named addressee(s). You are hereby notified that any 
dissemination, distribution or copy of this communication

Re: Tomcat SSL client authentication problem with Internet Explore

2003-08-21 Thread Bill Barker 
I'm guessing that you didn't install your CA's cert in MSIE's root
certificates.  Since Tomcat will ask for certs signed by your CA, if MSIE
can't find any (that it can verify the chain with), you get an empty box.

Ratón Lacarcel, Antonio [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi!

I have a problem with Tomcat 4.0.6 and SSL client authentication. When I use
the Internet Explorer browser (v6.0) and I try to access the secure URL (for
example https://whatever:8043), an empty list of certificates is presented.
However, if I use Mozilla 1.4 or Netscape  4.76, the client certificates are
presented and the secure pages are available.

The following environment is used:

 + jdk1.3.1_08
 + Microsoft Certificate Server
 + Tomcat 4.0.6

My server.xml file has the following element:

  Connector className=org.apache.coyote.tomcat4.CoyoteConnector
   port=8443 minProcessors=5 maxProcessors=75
   enableLookups=true
   acceptCount=10 debug=3  scheme=https secure=true
connectionTimeout=2
   useURIValidationHack=false
Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory
   clientAuth=true
   keystoreFile=C:\Documents and Settings\araton\.keystore
   keystorePass=changeit protocol=TLS/
/Connector

I have also created the keystores and the cacerts (for trusted certificates)
files. Tomcat also finds the cacerts file because I've added the following
parameters in the Tomcat enviroment variables (and because I've seen it in
the debug console):
-Djavax.net.ssl.trustStore=c:\path_to_cacerts\cacerts
-Djavax.net.ssl.trustStorePassword=changeit

I have defined my own CA, my server-tomcat certificate signed by the CA and
in order to create the client certificates, I've used the Certificate Server
web tool, asking for a web certificate using each browser
(Netscape-IE-Mozilla) and installing the client certificate from the
browser.

Could you help me please?

If more info is needed, please tell it to me and I will try to explain the
problem with higher detail.

Thanks in advance and sorry if my english is too simple...

Antonio Ratón

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.511 / Virus Database: 308 - Release Date: 18/08/2003


---
Este correo electrónico y, en su caso, cualquier fichero anexo al mismo,
contiene información de carácter confidencial exclusivamente dirigida a su
destinatario o destinatarios. Queda prohibida su divulgación, copia o
distribución a terceros sin la previa autorización escrita de Indra. En el
caso de haber recibido este correo electrónico por error, se ruega notificar
inmediatamente esta circunstancia mediante reenvío a la dirección
electrónica del remitente.

The information in this e-mail and in any attachments is confidential and
solely for the attention and use of the named addressee(s). You are hereby
notified that any dissemination, distribution or copy of this communication
is prohibited without the prior written consent of Indra. If you have
received this communication in error, please, notify the sender by reply
e-mail




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]