Does Tomcat support two-way trust (HTTPS) between the client and itself,
where the server requests an X509 certificate from the client connecting
to it?  I read somewhere that this feature isn't complete in the 4.1.x
version of Tomcat.

I've tried setting the config file as follows (I'm running JBoss
3.0.4/Tomcat 4.1.12 on Win2K server):

   <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
              port="443" minProcessors="5" maxProcessors="75"
              enableLookups="false"
              acceptCount="100" debug="0" scheme="https" secure="true"
              useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="E:\\jboss-3.0.4_tomcat-4.1.12\\bin\\TOMCAT.KS"
               keystorePass="TOMCAT"
               clientAuth="true" protocol="TLS" />
   </Connector>


I am able to connect to Tomcat using a simple Java-based SSL program when
clientAuth="false", but it fails when I set it to true.  I've specified a
trust store (and trust store password) containing all the valid CA certs,
in an environment variable: CATALINA_OPTS.

The trace of the execution is as follows:

Client write key:
0000: 82 17 82 46 A4 94 00 54   A8 13 D7 88 B0 92 17 C1  ...F...T........
Server write key:
0000: E0 C4 6E A4 D8 0F 78 23   B7 B0 6A 97 98 46 AD 40  ..n...x#..j..F.@
... no IV for cipher
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** CertificateVerify
main, WRITE: TLSv1 Handshake, length = 134
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data:  { 195, 128, 75, 187, 144, 183, 187, 156, 108, 255, 102, 85 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, bad_certificate
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)


Any ideas?

Steve
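A fatal bad_certificate alert sent by the server right after the client's CertificateVerify/Finished means the server's trust manager rejected the client certificate chain (or the client sent no usable certificate at all). The diagnostic below is an added example, not code from this post or from Tomcat: it loads the client keystore and the trust store that Tomcat is given through CATALINA_OPTS, checks offline whether the client certificate's issuer is actually present and verifies against it, and then performs a TLS handshake with explicit key and trust managers, reporting which local certificate (if any) was sent. The file names (client.ks, client-trust.ks, server-trust.ks), passwords and host are assumptions for the example; substitute the real stores.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Pre-flight checks for a Tomcat connector configured with clientAuth="true". */
public class MutualTlsCheck {
    // Assumed file names and passwords; the post's real files are TOMCAT.KS and
    // whatever trust store CATALINA_OPTS points at.
    static final String CLIENT_KS = "client.ks";           // client private key + certificate
    static final String CLIENT_KS_PASS = "changeit";
    static final String CLIENT_TS = "client-trust.ks";     // CA (or self-signed cert) that issued Tomcat's server cert
    static final String CLIENT_TS_PASS = "changeit";
    static final String SERVER_TS = "server-trust.ks";     // the trust store Tomcat uses to validate client certs
    static final String SERVER_TS_PASS = "changeit";

    static KeyStore load(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, pass.toCharArray());
        } finally {
            in.close();
        }
        return ks;
    }

    /**
     * Offline check: for every key entry in the client keystore, look for a trusted
     * certificate in the server's trust store whose subject matches the client cert's
     * issuer AND whose public key actually verifies the client cert's signature.
     * A name match with a failed signature is the classic cause of bad_certificate
     * (a CA that was re-generated after the client cert was issued).
     */
    static boolean clientCertIsTrustedByServer(KeyStore clientKs, KeyStore serverTs) throws Exception {
        Enumeration aliases = clientKs.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            if (!clientKs.isKeyEntry(alias)) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) clientKs.getCertificate(alias);
            Enumeration trusted = serverTs.aliases();
            while (trusted.hasMoreElements()) {
                Certificate c = serverTs.getCertificate((String) trusted.nextElement());
                if (!(c instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate ca = (X509Certificate) c;
                if (leaf.getIssuerX500Principal().equals(ca.getSubjectX500Principal())) {
                    try {
                        leaf.verify(ca.getPublicKey());   // signature check, not just the name
                        System.out.println("Client cert '" + alias + "' verifies against trusted entry "
                                + ca.getSubjectX500Principal());
                        return true;
                    } catch (Exception e) {
                        System.out.println("Issuer name matches but signature does NOT verify for '" + alias + "'");
                    }
                }
            }
        }
        return false;
    }

    /** Live check: handshake with explicit managers instead of relying on system properties. */
    static void handshake(String host, int port, KeyStore clientKs, String keyPass, KeyStore clientTs) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientKs, keyPass.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(clientTs);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            s.startHandshake();                       // throws SSLHandshakeException on a fatal alert
            SSLSession sess = s.getSession();
            System.out.println("Handshake OK, cipher suite " + sess.getCipherSuite());
            Certificate[] local = sess.getLocalCertificates();
            if (local == null) {
                // The key manager found no certificate matching the CAs the server asked for.
                System.out.println("No client certificate was sent; a clientAuth=\"true\" server will reject this");
            } else {
                System.out.println("Client certificate sent: " + ((X509Certificate) local[0]).getSubjectX500Principal());
            }
        } finally {
            s.close();
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";   // assumed default
        KeyStore clientKs = load(CLIENT_KS, CLIENT_KS_PASS);
        KeyStore clientTs = load(CLIENT_TS, CLIENT_TS_PASS);
        KeyStore serverTs = load(SERVER_TS, SERVER_TS_PASS);
        System.out.println("Server trust store can validate client cert: "
                + clientCertIsTrustedByServer(clientKs, serverTs));
        handshake(host, 443, clientKs, CLIENT_KS_PASS, clientTs);
    }
}
```

Run it with the same trust store file that CATALINA_OPTS hands to Tomcat: if the offline check prints false, the server-side rejection is explained without looking at the wire, and the fix is on the trust store side (import the CA that actually issued the client certificate). If the offline check passes but the handshake still fails, compare the certificate the handshake reports as sent with what the server expects; a null result means the client keystore holds no key entry issued by any CA in the server's CertificateRequest list.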



