Hi

It seems like a silly question, but I am new to SSL and certificates as well as Tomcat.

If my machine's IP is 192.168.0.1 then I access Tomcat as https://192.168.0.1:8443. Keeping this in mind, should I give the Common Name as 192.168.0.1?

How do I specify the client info in tomcat-users.xml?

<user name=mahesh password=kudva role="admin">

This is what my tomcat-users.xml file looks like.

Regards & Thanks
================
Mahesh S Kudva

-----Original Message-----
From: "lercoli" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Date: Tue, 3 May 2005 14:33:46 +0200
Subject: Re: Client Authentication

> CA and Tomcat common name should be the same (localhost or better your DNS).
> First and Last Name of client should be the name of a Tomcat user declared in
> tomcat-users.xml.
>
> Luca Ercoli
>
> ----- Original Message -----
> From: "Mahesh S Kudva" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> Sent: Tuesday, May 03, 2005 1:41 PM
> Subject: Re: Client Authentication
>
> > Hi
> >
> > What kind of information do I need to put in the fields of First and Last
> > name and Common name? Will any information do, or is it required that I
> > need to put in the server address in the client.p12 certificate?
> >
> > Regards & Thanks
> > ================
> > Mahesh S Kudva
> >
> > -----Original Message-----
> > From: "Mahesh S Kudva" <[EMAIL PROTECTED]>
> > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > Date: Mon, 02 May 2005 23:04:50 +0530
> > Subject: Re: Client Authentication
> >
> > > Hi
> > >
> > > I tried with client.p12 first, when I failed I went on with
> > > client_cert.x509. I placed it in the personal folder ...
> > >
> > > Regards & Thanks
> > > ================
> > > Mahesh S Kudva
> > >
> > > -----Original Message-----
> > > From: "lercoli" <[EMAIL PROTECTED]>
> > > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > > Date: Mon, 2 May 2005 17:31:54 +0200
> > > Subject: Re: Client Authentication
> > >
> > > > You should import only client.p12 certificate in IE browser and
> > > > when IE asks you in which folder you want to put it select Personal
> > > > Folder.
> > > >
> > > > I hope it helps you.
> > > >
> > > > Luca Ercoli
> > > >
> > > > ----- Original Message -----
> > > > From: "Mahesh S Kudva" <[EMAIL PROTECTED]>
> > > > To: <tomcat-user@jakarta.apache.org>
> > > > Sent: Monday, May 02, 2005 5:08 PM
> > > > Subject: Client Authentication
> > > >
> > > > > Dear All
> > > > >
> > > > > I've been able to set up Tomcat 5.0.30 successfully on port 8443. I want to
> > > > > use client authentication. Hence I've enabled clientAuth=true in
> > > > > server.xml
> > > > >
> > > > > Running on Mac OS X these were the commands to create a CA and sign a
> > > > > certificate using this CA.
> > > > >
> > > > > Creating a new CA:
> > > > > 1) perl CA.pl -newca
> > > > >
> > > > > Certificate request using openssl:
> > > > > 1) perl CA.pl -newreq
> > > > > 2) perl CA.pl -sign
> > > > > 3) mv newreq.pem client_req.pem
> > > > > 4) mv newcert.pem client_cert.pem
> > > > > 5) openssl rsa < client_req.pem > client_key.pem
> > > > > 6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out client.p12
> > > > >
> > > > > For Tomcat using Java keytool to request certificate:
> > > > > 1) openssl x509 -in server_cert.pem -out server.x509
> > > > > 2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -out server.p12
> > > > > 3) keytool -genkey -alias meAsClient -storepass changeit
> > > > > 4) keytool -certreq -alias measclient -file client.csr -storepass changeit
> > > > > 5) openssl x509 -req -CA demoCA/cacert.pem -CAkey demoCA/private/cakey.pem -extensions v3_ca -in client.csr -inform DER -out client_cert.x509 -CAcreateserial
> > > > > 6) keytool -import -alias butterflyCA -keystore /Syst.. ..urity/cacerts -file ../CA/demoCA/cacert.pem
> > > > > 7) keytool -import -alias measclient -keystore clientstore -trustcacerts -file client_cert.x509
> > > > >
> > > > > Following these commands I don't get any errors. I then import the
> > > > > cacert.pem, the ROOT CA certificate and the client.p12 and
> > > > > client_cert.x509 to the browser I.E 6.0. But still there is a popup
> > > > > requesting for the client's identity and it asks me to select a
> > > > > certificate and no certificates are displayed.
> > > > >
> > > > > How can I go about this?
> > > > >
> > > > > All suggestions and ideas are welcome.
> > > > >
> > > > > Regards & Thanks
> > > > > ================
> > > > > Mahesh S Kudva
> > > > >
> > > > > -------------------------------------------------------
> > > > > Robosoft Technologies - Partners in Product Development
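
The following is an added example and is not part of any message in this thread. Using the openssl command line, it builds a throwaway CA and a client certificate, then checks three properties that matter for client authentication: the certificate chains to the CA, the PKCS#12 file carries the private key, and the certificate is an end-entity certificate marked for clientAuth. The CA name, the CN `mahesh`, the password and the file names are constructed for the example.

```shell
#!/bin/sh
# Added example. CA name, client CN and password are constructed test values.
set -eu

# Build a throwaway CA, issue a client certificate from it and bundle the
# certificate WITH its private key into client.p12 (the file a browser imports).
build_client_p12() {
    dir=$1 cn=$2 pass=$3
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Test CA" \
        -keyout "$dir/ca_key.pem" -out "$dir/ca_cert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/client_key.pem" -out "$dir/client_req.pem" 2>/dev/null
    # End-entity extensions: not a CA, usable for TLS client authentication.
    printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=clientAuth' \
        > "$dir/client.ext"
    openssl x509 -req -in "$dir/client_req.pem" -days 30 \
        -CA "$dir/ca_cert.pem" -CAkey "$dir/ca_key.pem" -CAcreateserial \
        -extfile "$dir/client.ext" -out "$dir/client_cert.pem" 2>/dev/null
    openssl pkcs12 -export -in "$dir/client_cert.pem" -inkey "$dir/client_key.pem" \
        -certfile "$dir/ca_cert.pem" -passout "pass:$pass" -out "$dir/client.p12"
}

# The client certificate must chain to the CA that the server trusts.
chain_ok() {
    openssl verify -purpose sslclient -CAfile "$1/ca_cert.pem" \
        "$1/client_cert.pem" >/dev/null 2>&1
}

# The PKCS#12 file must contain a private key, not just a certificate.
p12_has_key() {
    openssl pkcs12 -in "$1/client.p12" -passin "pass:$2" -nodes -nocerts \
        2>/dev/null | grep -q 'PRIVATE KEY'
}

# The certificate must be an end-entity client certificate, not a CA certificate.
is_client_cert() {
    text=$(openssl x509 -in "$1/client_cert.pem" -noout -text)
    printf '%s\n' "$text" | grep -q 'CA:FALSE' &&
        printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication'
}

demo_dir=$(mktemp -d)
build_client_p12 "$demo_dir" "mahesh" "changeit-demo"
chain_ok "$demo_dir" && p12_has_key "$demo_dir" "changeit-demo" \
    && is_client_cert "$demo_dir" && echo "client.p12 passes all three checks"
```
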