Re: Tomcat Smart Card (CAC card) problem

2007-03-06 Thread Jung, Alexander (AGIS)
Hi,

> The issue seems to be with the IE/Tomcat handshake.  When IE hits my Tomcat site, it
> puts up a dialog with a title of "Choose a Digital Certificate".  However, the list of
> certificates to choose from is empty.
> The certificates are loaded into my IE browser.  It seems to work with IIS.  When I
> hit an IIS site, the same form comes up, but the form is pre-populated with the list
> of certificates.
> Why doesn't IE show the certificates when accessing Tomcat but does when accessing
> IIS?

Most probably, your Tomcat connector does not trust the CA from your
smartcard. As you configured clientAuth="true", you make the connector
request a client cert. The connector will send all the CAs it trusts to the
client, and your client will present the fitting ones for you to select from.
When the server (in this case the Tomcat connector) trusts no CAs your client
has certificates from, you'll see the empty list.

I can only guess that your IIS has the CA from your smartcard already
imported.

To fix it for Tomcat, you need to extend your connector's configuration with the
following:

truststoreFile="conf/trust.keystore" truststorePass="i_wont_say"

You need to put the CA cert (and all CA certs above that one) into the
referenced trust-keystore.

Kind regards,
Alexander Jung
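
A check for the diagnosis in the reply above, as an added example that is not part of the original thread: capture the server's handshake with `openssl s_client` and test whether the CA that issued the card certificate is among the CA names the connector advertises. The two transcripts and every CA name in them are constructed; the host name in the comment is a placeholder.

```shell
# Added example. Live input would come from (host is a placeholder):
#   openssl s_client -connect tomcat.example.test:8443 </dev/null 2>/dev/null

# Print the DNs listed under "Acceptable client certificate CA names".
advertised_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && /^(---|Client Certificate Types|Requested Signature Algorithms|Peer sign|Server Temp Key)/ { in_list = 0 }
        in_list && NF { print }
    '
}

# Exit 0 if a CA with CN equal to $1 is advertised on stdin, else 1. Accepts
# "/C=US/CN=x" and "C = US, CN = x"; a CN containing "/" or "," is not handled.
ca_is_advertised() {
    advertised_cas | sed 's/ *= */=/g' | awk -v cn="$1" '
        { n = split($0, rdn, "[/,] *")
          for (i = 1; i <= n; i++) if (rdn[i] == "CN=" cn) found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed transcript: trust store lacks the card's CA (names invented).
sample_without_card_ca() {
    cat <<'EOF'
Acceptable client certificate CA names
C = US, O = Example Public Trust, CN = Example Public Root CA
C = DE, O = Example Web PKI, CN = Example TLS Root
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
EOF
}

# Constructed transcript: after the card's CA chain was added to the trust store.
sample_with_card_ca() {
    cat <<'EOF'
Acceptable client certificate CA names
/C=US/O=Example Agency/CN=Example Card Root CA
/C=US/O=Example Agency/CN=Example Card Issuing CA 1
Client Certificate Types: RSA sign, DSA sign
---
EOF
}

for s in sample_without_card_ca sample_with_card_ca; do
    "$s" | ca_is_advertised "Example Card Issuing CA 1" && r="advertised" || r="missing, expect an empty certificate list"
    echo "$s: card CA $r"
done
```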




Re: Tomcat Smart Card (CAC card) problem

2007-02-28 Thread Martin Gainty
Good evening, Fred.
It appears your connector in server.xml does not have CertificatePath and/or
RequestPath defined.
Keep in mind that all of the paths, unless otherwise specified, are relative to
$CATALINA_BASE.

Here is an example of connector parameters to get you started
 

http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
HTH
M--
- Original Message - 
From: "Thurber, Fred" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, February 28, 2007 4:50 PM
Subject: Tomcat Smart Card (CAC card) problem


I am trying to get a smart card to work with Tomcat.  The smart card in 
question is a DoD CAC (Common Access Card).
 
I believe that I have set up my Connector element correctly in my server.xml:
 
 

The issue seems to be with the IE/Tomcat handshake.  When IE hits my Tomcat 
site, it puts up a dialog with a title of "Choose a Digital Certificate".  
However, the list of certificates to choose from is empty.
 
The certificates are loaded into my IE browser.  It seems to work with IIS.  
When I hit an IIS site, the same form comes up, but the form is pre-populated 
with the list of certificates.  
 
Why doesn't IE show the certificates when accessing Tomcat but does when 
accessing IIS?
 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Tomcat Smart Card (CAC card) problem

2007-02-28 Thread Thurber, Fred
I am trying to get a smart card to work with Tomcat.  The smart card in 
question is a DoD CAC (Common Access Card).
 
I believe that I have set up my Connector element correctly in my server.xml:
 
 

The issue seems to be with the IE/Tomcat handshake.  When IE hits my Tomcat 
site, it puts up a dialog with a title of "Choose a Digital Certificate".  
However, the list of certificates to choose from is empty.
 
The certificates are loaded into my IE browser.  It seems to work with IIS.  
When I hit an IIS site, the same form comes up, but the form is pre-populated 
with the list of certificates.  
 
Why doesn't IE show the certificates when accessing Tomcat but does when 
accessing IIS?
 
