Hello,

A project I'm doing right now involves having an SSL-enabled standalone Tomcat server (running on Win2000) connecting to an SSL-enabled client (running on an embedded platform, and using a ported version of OpenSSL). Both client and server use a certificate signed by a self-created CA. These two certificates, as well as the CA's, are added to the server keystore, and both the client and CA certs are loaded in the client.
During the set-up of this connection both server and client authentication through RSA certs are needed, and this is where I have a problem: although server authentication by the client works fine, I can't seem to get the client authentication by the server to work. Basically, when I turn the clientAuth option in the SSL connector in server.xml to "true", the SSL handshake is aborted and I don't know why. I also used the basic s_client option of the OpenSSL command line utility (compiled on a Windows environment) to connect, and the same problem occurs, so the problem does lie with my Tomcat configuration, and not with my client.

Is there something I'm overlooking, and is it at all possible to use standalone Tomcat to do client authentication (I know how to do it using Apache, but for all sorts of reasons we would prefer the more lightweight standalone Tomcat)? If it is possible, what more do I need to do than add all the certs to the server keystore and turn clientAuth to true? I mean just to do general client auth; I'm not even talking about security realms or things like that.

I have been looking on the web for the past few days for any references to client auth on standalone Tomcat, but basically I found only doubts and half-truths. So you can imagine that any help or reference to documents is more than welcome.

Greetings,
Stefaan
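The situation the post describes, a server that only completes the handshake for a client presenting a certificate signed by a CA it trusts, as an added example in Go (not code from the original message, from Tomcat or from OpenSSL): it stands up a loopback TLS server that requires client certificates chaining to one constructed CA and reports whether a properly issued client certificate, no certificate, or a certificate outside the server's trust store gets through. The "Test CA", the "localhost" name and the mode names are assumptions of this example; Go's ClientCAs pool plays the role a Tomcat truststore would.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// makeCert issues a throwaway certificate for cn signed by parent (self-signed when parent is nil).
func makeCert(cn string, isCA bool, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{"localhost"},
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil { parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key} } // self-signed: signs itself
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, pub, parent.PrivateKey)
	if err != nil { panic(err) }
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Handshake connects to a loopback server that, like clientAuth="true", completes the handshake only for
// a client certificate chaining to its trust store; mode is "signed", "none" (no client cert) or "foreign".
func Handshake(mode string) bool {
	ca := makeCert("Test CA", true, nil) // constructed throwaway CA (assumption of this example)
	trust := x509.NewCertPool() // the server's "truststore": only certs issued by this CA are acceptable
	trust.AddCert(ca.Leaf)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{makeCert("server", false, &ca)}, ClientCAs: trust, ClientAuth: tls.RequireAndVerifyClientCert}
	cliCfg := &tls.Config{RootCAs: trust, ServerName: "localhost"} // the client verifies the server against the same CA
	switch mode { // "none": the client presents no certificate at all
	case "signed":
		cliCfg.Certificates = []tls.Certificate{makeCert("embedded client", false, &ca)}
	case "foreign": // self-signed, so issued by no CA the server advertises or trusts
		cliCfg.Certificates = []tls.Certificate{makeCert("embedded client", false, nil)}
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil { panic(err) }
	defer ln.Close()
	// Server side: the Write drives the handshake and fails, sending the client an alert, when client auth fails.
	go func() { if c, err := ln.Accept(); err == nil { c.Write([]byte("ok")); c.Close() } }()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil { return false } // TLS 1.2: the server's alert aborts the handshake itself
	defer conn.Close()
	n, _ := conn.Read(make([]byte, 2)) // TLS 1.3: the client finishes first, so a rejection surfaces on this read
	return n > 0 // true only if the server accepted the client certificate and sent data
}
```

Handshake("signed") returns true while Handshake("none") and Handshake("foreign") return false, which is exactly the gate a connector with clientAuth="true" is meant to enforce.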