Hello TC5 Users - I am setting up Tomcat 5 in a production environment. The requirement is to lock down the site so that only users with trusted personal certificates may access the site.
I believe I have everything configured in server.xml.

<Connector port="443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           debug="3" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" />

I used %java-home%/bin/keytool to build the certificate store and the server and client certificates (self-signed). Tomcat asks for the client certificate when I try and connect, but - here is the problem:

(1) I can't seem to get the client key to export properly so that I can install it in the browser; how do I get a .pfx out of the keystore?
(2) How can I validate which certificate store is being used by tomcat? (I made a few along the way in testing)
(3) I set debug="3" in the SSL connector but am not seeing the SSL handshake in stdout. Is there some other way for setting debug to see the handshake?

Environment is J2sdk1.4.2_07; Tomcat 5.0.28 running as a service on Win2003 Server.

FYI - for others working with Tomcat and SSL these links are an excellent resource:

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html#SSL%20Support
http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.html
http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#genkeyCmd

Thanks in advance to everyone in the group!

- wjs
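Added example, not part of the original message and not Tomcat's own code: a small Python check that reports which keystore the Connector above would load, applying the defaults the Tomcat 5.0 connector documentation gives when keystoreFile, keystorePass and keystoreType are omitted. The wrapping <Server>/<Service> elements, the function name and the home directory C:\svc-home are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Defaults documented for the Tomcat 5.0 HTTP connector's SSL attributes.
DEFAULT_KEYSTORE_NAME = ".keystore"  # in the home directory of the user running Tomcat
DEFAULT_KEYSTORE_PASS = "changeit"
DEFAULT_KEYSTORE_TYPE = "JKS"

# Constructed sample: the Connector from the message inside a minimal server.xml.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" disableUploadTimeout="true" acceptCount="100"
             debug="3" scheme="https" secure="true" clientAuth="true"
             sslProtocol="TLS" />
</Service></Server>
"""

def effective_ssl_settings(server_xml, user_home):
    """Return one dict per SSL connector with the keystore settings in effect.

    user_home is an assumption supplied by the caller: the home directory of
    the account the Tomcat service runs as.
    """
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("secure", "false").lower() != "true":
            continue  # connector not marked secure; skipped
        explicit = conn.get("keystoreFile")
        notes = []
        if explicit is None:
            notes.append("keystoreFile not set: the default keystore is loaded")
        if conn.get("keystorePass", DEFAULT_KEYSTORE_PASS) == DEFAULT_KEYSTORE_PASS:
            notes.append("keystore password is the default 'changeit'")
        client_auth = conn.get("clientAuth", "false").lower()
        if client_auth != "true":
            notes.append("clientAuth=%s: a client certificate is not required" % client_auth)
        results.append({
            "port": conn.get("port"),
            "keystore": explicit or str(PureWindowsPath(user_home) / DEFAULT_KEYSTORE_NAME),
            "keystore_type": conn.get("keystoreType", DEFAULT_KEYSTORE_TYPE),
            "client_auth": client_auth,
            "notes": notes,
        })
    return results

if __name__ == "__main__":
    for entry in effective_ssl_settings(SAMPLE_SERVER_XML, r"C:\svc-home"):
        print(entry)
```

For the Connector as posted, the report shows the default .keystore in the service account's home directory, since no keystoreFile attribute is present.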
