Got there in the end! I'll add this to my list of things to look at.

Mark

> -----Original Message-----
> From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 26, 2004 10:22 AM
> To: Tomcat Users List
> Subject: RE: tomcat certificate
>
> Yes, you are right. Before my server.xml file had the following realm
> defined:
>
>   <!-- Global JNDI resources -->
>   <GlobalNamingResources>
>     <!-- Test entry for demonstration purposes -->
>     <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
>     <!-- Editable user database that can also be used by
>          UserDatabaseRealm to authenticate users -->
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved">
>     </Resource>
>     <ResourceParams name="UserDatabase">
>       <parameter>
>         <name>factory</name>
>         <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
>       </parameter>
>       <parameter>
>         <name>pathname</name>
>         <value>conf/tomcat-users.xml</value>
>       </parameter>
>     </ResourceParams>
>   </GlobalNamingResources>
>
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>          debug="0" resourceName="UserDatabase"/>
>
> I have replaced it with the memory realm:
>   <Realm className="org.apache.catalina.realm.MemoryRealm" />
>
> And now it accepts the client certificate. Thank you very much for your
> help.
>
> And I think you are right, the error in the "catalina.out" file is a JMX
> issue.
>
> Regards,
> Idoia
>
>
> "Mark Thomas" <[EMAIL PROTECTED]
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> cc:
> Subject: RE: tomcat certificate
> 25/03/04 19:48
> Please reply to "Tomcat Users List"
>
> I've looked at the code and it would help if you could post your realm
> definition.
>
> Thanks,
>
> Mark
>
> > -----Original Message-----
> > From: Mark Thomas [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 25, 2004 6:00 PM
> > To: 'Tomcat Users List'
> > Subject: RE: tomcat certificate
> >
> > OK. Light dawns. Can you try using the memory realm? My realm
> > definition looks like:
> >   <Realm className="org.apache.catalina.realm.MemoryRealm" />
> >
> > Looking again at the exception it looks like a JMX issue with the
> > UserDatabaseRealm MBean and user names containing '='. I'll have a
> > look at the code.
> >
> > Mark
> >
> > > -----Original Message-----
> > > From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, March 25, 2004 9:01 AM
> > > To: Tomcat Users List
> > > Subject: RE: tomcat certificate
> > >
> > > My server.xml file has:
> > >   <Connector port="8443"
> > >              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > >              enableLookups="false" disableUploadTimeout="true"
> > >              acceptCount="100" debug="0" scheme="https" secure="true"
> > >              clientAuth="true" sslProtocol="TLS"
> > >              keystoreFile="/home/tomcat/jakarta-tomcat-5.0.19/conf/ssl/server/server.ks" />
> > >
> > > The tomcat-users.xml file has:
> > >   <role rolename="certs"/>
> > >   <user username="[EMAIL PROTECTED], CN=Idoia, OU=INFOTECH, O=ROBOTIKER, L=ZAMUDIO, ST=BIZKAIA, C=ES"
> > >         password="null" roles="certs"/>
> > >
> > > The web.xml file of the application is:
> > >
> > >   <?xml version="1.0" encoding="windows-1252"?>
> > >   <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> > >       "http://java.sun.com/dtd/web-app_2_3.dtd">
> > >   <web-app>
> > >     <description>Empty web.xml file for Web Application</description>
> > >     <session-config>
> > >       <session-timeout>35</session-timeout>
> > >     </session-config>
> > >     <mime-mapping>
> > >       <extension>html</extension>
> > >       <mime-type>text/html</mime-type>
> > >     </mime-mapping>
> > >     <mime-mapping>
> > >       <extension>txt</extension>
> > >       <mime-type>text/plain</mime-type>
> > >     </mime-mapping>
> > >     <welcome-file-list>
> > >       <welcome-file>index.jsp</welcome-file>
> > >       <welcome-file>index.html</welcome-file>
> > >     </welcome-file-list>
> > >     <resource-ref>
> > >       <description>Saturn database</description>
> > >       <res-ref-name>jdbc/saturn</res-ref-name>
> > >       <res-type>javax.sql.DataSource</res-type>
> > >       <res-auth>SERVLET</res-auth>
> > >     </resource-ref>
> > >     <security-constraint>
> > >       <web-resource-collection>
> > >         <web-resource-name>Protected Area</web-resource-name>
> > >         <url-pattern>/pim.htm</url-pattern>
> > >       </web-resource-collection>
> > >       <auth-constraint>
> > >         <role-name>certs</role-name>
> > >       </auth-constraint>
> > >       <user-data-constraint>
> > >         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > >       </user-data-constraint>
> > >     </security-constraint>
> > >
> > >     <login-config>
> > >       <auth-method>CLIENT-CERT</auth-method>
> > >     </login-config>
> > >
> > >     <security-role>
> > >       <role-name>certs</role-name>
> > >     </security-role>
> > >
> > >   </web-app>
> > >
> > > When I startup Tomcat I get the following message in "catalina.out" log
> > > file:
> > >
> > > 24-mar-2004 17:37:55 org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
> > > GRAVE: Exception creating UserDatabase MBeans for UserDatabase
> > > javax.management.MalformedObjectNameException: Invalid character '=' in value part of property
> > >     at javax.management.ObjectName.construct(ObjectName.java:563)
> > >     at javax.management.ObjectName.<init>(ObjectName.java:1300)
> > >     at org.apache.catalina.mbeans.MBeanUtils.createObjectName(MBeanUtils.java:1520)
> > >     at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:783)
> > >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:280)
> > >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:210)
> > >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:172)
> > >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:144)
> > >     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
> > >     at org.apache.catalina.core.StandardServer.start(StandardServer.java:2338)
> > >     at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
> > >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > >     at java.lang.reflect.Method.invoke(Method.java:324)
> > >     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
> > >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
> > >
> > > And when I access the "/pim.htm" page via SSL and port 8443 it gives me a
> > > Tomcat error in the navigator (HTTP 401). It is in Spanish, but in English
> > > it would be something like:
> > >   HTTP 401 Status - Impossible to authenticate with provided credentials
> > >   type: status report
> > >   message: Impossible to authenticate with provided credentials
> > >   description: This requirement requires HTTP authentication (Impossible to
> > >   authenticate with provided credentials)
> > >
> > > The client certificate is signed by a CA recognised by Tomcat, because when
> > > I access other pages via SSL and port 8443, Tomcat gives no error and
> > > accepts the client certificate.
> > >
> > > Regards,
> > > Idoia
> >
> > <trim>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
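
The JMX naming rule behind the `MalformedObjectNameException` in this thread, as an added example that is not part of the original messages and is not Tomcat's code: an unquoted `ObjectName` property value may not contain `=`, `,`, `:` or `"`, so a certificate subject DN used as a user name has to be quoted before it goes into a name. The `Users` domain and the `type`/`username`/`database` key layout are assumptions made for illustration.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class UserObjectNameDemo {
    // Subject DN from the tomcat-users.xml entry in the thread, without the
    // redacted e-mail component.
    static final String USERNAME =
        "CN=Idoia, OU=INFOTECH, O=ROBOTIKER, L=ZAMUDIO, ST=BIZKAIA, C=ES";

    // Hypothetical name layout (assumption): the user name is concatenated
    // unquoted into a key property value.
    static ObjectName unquotedName(String username) throws MalformedObjectNameException {
        return new ObjectName(
            "Users:type=User,username=" + username + ",database=UserDatabase");
    }

    // Same layout, with the value passed through ObjectName.quote(), which
    // wraps it in double quotes and escapes the characters that are special
    // inside a quoted value.
    static ObjectName quotedName(String username) throws MalformedObjectNameException {
        return new ObjectName(
            "Users:type=User,username=" + ObjectName.quote(username)
                + ",database=UserDatabase");
    }

    public static void main(String[] args) throws Exception {
        // A DN contains '=' and ',', both reserved in unquoted values.
        try {
            unquotedName(USERNAME);
            System.out.println("unquoted DN: accepted");
        } catch (MalformedObjectNameException e) {
            System.out.println("unquoted DN: rejected: " + e.getMessage());
        }

        // Quoting makes the same DN a legal property value.
        ObjectName ok = quotedName(USERNAME);
        System.out.println("quoted DN:   " + ok);

        // The original DN is recoverable, so lookups by user name still work.
        String roundTrip = ObjectName.unquote(ok.getKeyProperty("username"));
        System.out.println("round trip equal: " + USERNAME.equals(roundTrip));

        // A plain login name has no reserved characters and needs no quoting.
        System.out.println("plain name:  " + unquotedName("tomcat"));
    }
}
```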