Hi,

When Internet Explorer prompts you with the list of certificates to send to 
the server, it checks KeyUsage of the certs in your keystore.
If the list is empty, it means you have no usable cert.

How do you generate your certs? If you use openssl, please consult
openssl.txt in the docs. KeyUsage is explained there.
The behavior depends on the version of IE and Windows. 

Certs from a trust center are very restricted with respect to usage. An email cert 
may be usable only for email, and nothing more. Same for file encryption 
(EFS), code signature and authentication, ...
Non-Repudiation could be the KeyUsage you need. But I don't know.
Take care: the KeyUsage of the CA-cert is sometimes also checked. Not talking 
about CRLs.

With a Win2000 CA you have to choose the right profile when requesting the 
cert.

This is definitely the wrong list to get deeper insight into certificates. But 
I am also not sure what the right place would be... 
openssl could be a good idea.

With this program you can generate test certs for any usage:
http://sourceforge.net/projects/myca
(Usable with Linux and cygwin. It's based on openssl)

Sometimes it is useful to test it with another browser. 

Hope that helps,

Reinhard

On Tuesday, 25 March 2003 23:53, [EMAIL PROTECTED] wrote:
> Thanks, but I have read that documentation many times.
>
> That documentation tells us how to run Tomcat in SSL mode.  And as I
> mentioned in the previous message, I know how to do that.
>
> What I want is mutual authentication, that is,
>
> 1. The Web server authenticates itself by sending its certificate to the
> client.  (This is what the doc talks about)
>
> 2. The client authenticates itself by sending its certificate to the Web
> server.  (This is not mentioned in that documentation, and is what I want
> to do)
>
> "Bill Barker" <[EMAIL PROTECTED]> wrote:
> >http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
> >
> >----- Original Message -----
> >From: <[EMAIL PROTECTED]>
> >To: "Tomcat Developers List" <[EMAIL PROTECTED]>
> >Sent: Tuesday, March 25, 2003 1:44 PM
> >Subject: Tomcat SSL mutual authentication: Nobody's got a clue?
> >
> >> I want to configure Tomcat SSL for mutual authentication.  And I've been
> >> exploring this for a while.
> >>
> >
> >> If tomcat-users don't know this, tomcat-developers also get no clue?
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
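
Added example, not part of the original thread: a Go sketch of the KeyUsage filtering described in the reply above, run against a constructed e-mail-only test certificate. The rule in clientAuthProblems is an assumed approximation (digitalSignature in KeyUsage, clientAuth in ExtendedKeyUsage when those extensions are present), not IE's exact logic; makeCert and clientAuthProblems are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert returns a constructed, self-signed test cert carrying the given usages.
func makeCert(cn string, ku x509.KeyUsage, eku ...x509.ExtKeyUsage) *x509.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku, ExtKeyUsage: eku}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// clientAuthProblems lists why a cert may be missing from the browser's prompt.
// Assumed rule (not IE's exact logic): see the lead-in above.
func clientAuthProblems(c *x509.Certificate) (problems []string) {
	if c.KeyUsage != 0 && c.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		problems = append(problems, "KeyUsage lacks digitalSignature")
	}
	ok := len(c.ExtKeyUsage)+len(c.UnknownExtKeyUsage) == 0 // no EKU extension: unrestricted
	for _, u := range c.ExtKeyUsage {
		ok = ok || u == x509.ExtKeyUsageClientAuth || u == x509.ExtKeyUsageAny
	}
	if !ok {
		problems = append(problems, "ExtendedKeyUsage lacks clientAuth")
	}
	return problems
}

func main() { // constructed e-mail-only cert: both checks fail
	fmt.Println(clientAuthProblems(makeCert("mail", x509.KeyUsageKeyEncipherment, x509.ExtKeyUsageEmailProtection)))
}
```

The same check can be pointed at a real client certificate by parsing its DER bytes with x509.ParseCertificate instead of calling makeCert.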
