From the Tomcat documentation:
<quote>
clientAuth
Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection. A false value (which is the default) will not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication.
</quote>


[EMAIL PROTECTED] wrote:
By right the client should not be asked to present a
cert because my server.xml setting is set to
clientAuth="false"

--- Mark Thomas <[EMAIL PROTECTED]> wrote:


The problem appears to be that no client certificate
is presented by your client. Do you get prompted by your browser to
specify a client certificate?


Browsers may be configured not to prompt for a certificate in any or all of the following cases:
- No client certs have been imported into the browser
- No compatible client certs have been imported into the browser
- Only one suitable cert was found so it was returned (unlikely in your case)


Check your browser/cert configuration.

Mark

[EMAIL PROTECTED] wrote:

web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://localhost/dtd/web-app_2_3.dtd">
<web-app>
<context-param>
<param-name>driverClassName</param-name>
<param-value>com.mysql.jdbc.Driver</param-value>
</context-param>
<context-param>
<param-name>dbUsername</param-name>
<param-value>root</param-value>
</context-param>
<context-param>
<param-name>dbPassword</param-name>
<param-value>sql4dm1n2003</param-value>
</context-param>

<listener>
<listener-class>
MyListener
</listener-class>
</listener>


        <servlet>
                <servlet-name>ErrorServlet</servlet-name>
                <servlet-class>chapter04.ErrorServlet</servlet-class>
        </servlet>
        <servlet>
                <servlet-name>LoginServlet</servlet-name>
                <servlet-class>chapter04.LoginServlet</servlet-class>
                <init-param>
                        <param-name>dburl</param-name>
                        <param-value>jdbc:mysql://localhost/test</param-value>
                </init-param>
        </servlet>
        
        <servlet-mapping>
                <servlet-name>LoginServlet</servlet-name>
                <url-pattern>/login</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
                <servlet-name>ErrorServlet</servlet-name>
                <url-pattern>/error</url-pattern>
        </servlet-mapping>
        
        <welcome-file-list>
                <welcome-file>/login.html</welcome-file>
        </welcome-file-list>
        
        <error-page>
                <error-code>403</error-code>
                <location>/login.html</location>
        </error-page>
        <!--
        <error-page>
                <exception-type>java.sql.SQLException</exception-type>
                <location>/error</location>
        </error-page>
        -->
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>login servlet</web-resource-name>
                        <url-pattern>/login</url-pattern>
                        <http-method>POST</http-method>
                </web-resource-collection>

                <auth-constraint>
                        <role-name>manager</role-name>
                </auth-constraint>

                <user-data-constraint>
                        <transport-guarantee>INTEGRAL</transport-guarantee>
                </user-data-constraint>
        </security-constraint>
        
        <login-config>
                <auth-method>CLIENT-CERT</auth-method>
                <realm-name>sales</realm-name>
                <!--
                <form-login-config>
                        <form-login-page>/auth.html</form-login-page>
                        <form-error-page>/error.html</form-error-page>
                </form-login-config>
                -->
        </login-config>
        
        <security-role>
                <role-name>manager</role-name>
        </security-role>
                
</web-app>

server.xml: (the part that matters)
<Connector port="8443" maxThreads="150"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

I have a simple login page that accesses LoginServlet. I get this error:

WARNING: Exception getting SSL Cert
java.net.SocketException: Socket Closed
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
WARNING: Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate

My Tomcat SSL setup should be working fine because I can access https://localhost:8443 and when I deploy my war I do not see any problems with regards to my keystore file. Can someone shed some light on this issue?





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





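The rule in the quoted documentation, applied to the configuration posted in this thread, as an added example that is not part of the original messages or of Tomcat itself. The function names are illustrative, the XML is a constructed reduction of the posted web.xml and Connector, and url-pattern matching is simplified.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, reduced from the web.xml and Connector quoted in this thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login servlet</web-resource-name>
      <url-pattern>/login</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""
CONNECTOR = '<Connector port="8443" scheme="https" secure="true" clientAuth="false"/>'


def pattern_matches(pattern, path):
    """Simplified url-pattern match: exact, path prefix (/x/*) or extension (*.x)."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path


def is_protected(root, path, method):
    """True if a security-constraint with an auth-constraint covers path and method."""
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue
        for wrc in sc.iter("web-resource-collection"):
            methods = [(m.text or "").strip() for m in wrc.iter("http-method")]
            patterns = [(p.text or "").strip() for p in wrc.iter("url-pattern")]
            if (not methods or method in methods) and any(pattern_matches(p, path) for p in patterns):
                return True
    return False


def cert_requested(web_xml, connector_xml, path, method):
    """Return 'handshake', 'on-access' or 'never'; models clientAuth true/false only."""
    if ET.fromstring(connector_xml).get("clientAuth", "false").lower() == "true":
        return "handshake"   # certificate required before the connection is accepted
    root = ET.fromstring(web_xml)
    auth = (root.findtext("login-config/auth-method") or "").strip()
    if auth == "CLIENT-CERT" and is_protected(root, path, method):
        return "on-access"   # requested only when the protected resource is hit
    return "never"
```

With the posted settings, a GET of the site root or of /login.html yields "never", while the login form's POST to /login yields "on-access", which is consistent with the site loading normally and the no_certificate alert appearing only on login.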