This is the answer:
http://www.comu.de/docs/tomcat_ssl.htm and it's really easy.

> -----Original Message-----
> From: Henrik Schultz [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 1 July 2002 16:43
> To: tomcat-user
> Subject: Tomcat 4 - OpenSSL - IE client certificate works partially
>
> Greetings all...
>
> For those not interested in client certificates at the deep technical
> level, this is probably not your favorite cup of tea. Otherwise read on.
>
> Enabling SSL in Tomcat is really no sweat using your own home-made
> certificates, thanks to the excellent HOW-TO. Once you get your root CA
> certificate installed in the right places, and a suitable certificate
> installed in Tomcat, everything works just fine.
>
> However, creating client certificates that work with IE has (at least for
> me) shown to be a real pain. I've experimented for months, and tried
> numerous postings on this list, but no one seemed to know the finer details.
> It was only recently I had a breakthrough, in that a trial certificate from
> Verisign allowed me to compare that and a home-made one, and find the bits
> that make the difference, that is, what it takes for it to be shown on the
> selection list in IE when the server asks for a client certificate.
> Last night I succeeded. The right combination of keytool and openssl
> maneuvers to set up a private CA finally generated a certificate that
> installed without a hitch in IE, and came up when I subsequently connected
> to my SSL enabled Tomcat. So far so good.
>
> However there is still one major obstacle ... the server aborts the
> connection right away :-((((
>
> IE tells me:
>
> "The page cannot be displayed
> The page you are looking for is currently unavailable.
> The Web site might be experiencing technical difficulties,
> or you may need to adjust your browser settings."
>
> In other words, the usual message that indicates that the server screwed
> up, and closed the connection.
>
> Interestingly enough the Verisign certificate works just fine. So there is
> apparently still a difference to Tomcat.
> Have tried to connect using openssl s_client - works A-OK, also with my
> home-made certificate.
> Have looked in the tomcat logs to no avail. There is no trace anywhere why
> the connection breaks.
>
> So the question to the list is: how would I go about diagnosing this? I
> believe that the problem must be related to the SSL container (?) that
> responds to the traffic on port 443, and does all the SSL handshaking,
> because my application never sees anything.
> Just like in Apache there's an error log for all the pages that fail -
> isn't there such a log in Tomcat?
>
> Thanks for any input or advice you might have!
>
> PS. If anyone is interested in a writeup or HOW-TO of making client
> certificates for Tomcat, let me know. This is certainly tricky stuff!
>
> Henrik Schultz
> Senior Systems Architect
> Consultant to Maersk Data AS
> Tel.: +45 39 10 21 13
> Mobile: +45 22 12 24 29
> E-mail: [EMAIL PROTECTED]
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>