Hi all again
I am trying to work with tomcat and ssl with clientauth=true.
I am trying to access Tomcat on localhost and supply the client
certificate through IE.
In Tomcat I have a servlet which will print the certificate eventually.
Here are the steps I take:
1.<snip server.xml>
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory
className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="auth" protocol="TLS"
keystoreFile="c:\keystore\server.keystore" keystorePass="771652"/>
</Connector>
</snip>
2. Create the server.keystore
keytool -genkey -alias pask -keyalg rsa -keystore c:\keystore\server.keystore
3. Export the key to be put in IE Trust Root Dir
keytool -export -alias pask -keystore c:\keystore\server.keystore -file server.cer
4. In IE Content import the server.cer into Trust Root Dir providers
Up to here, if I put clientauth=false in server.xml I have an https
connection to Tomcat with IE showing it is SECURE; the lock appears.
5. Now on the same machine I create the client certificate
keytool -genkey -alias pskon -keyalg rsa -keystore c:\keystore\client.keystore
keytool -export -alias pskon -keystore c:\keystore\client.keystore -file cl.cer
keytool -import -alias pskon -keystore c:\keystore\server.keystore -file cl.cer
I also copy the server.keystore into jre/lib/security just in case.
The attributes of the keys are CN=localhost ,ATHENS,ATHENS,ATHENS,GR
When I put back clientauth=true and restart Catalina 4.0.4 on WINDOWS XP
I get a "page cannot be displayed" sign.
Am I doing something wrong..?
Any ideas are welcome..
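
Added example, not part of the original message: a small Java check of what steps 2 and 5 leave in the two keystores, namely which aliases hold a private key and whether the exact client certificate is present in the server keystore as a trusted entry. The class name is hypothetical and Java 9 or later is assumed; paths and aliases are passed as arguments, and passwords are prompted for rather than hard-coded.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class name), not code from the original post.
// Usage: java CheckClientAuthStores <server.keystore> <serverAlias> <client.keystore> <clientAlias>
public class CheckClientAuthStores {

    // Opens a keystore, letting the JDK auto-detect its type (JKS or PKCS12).
    static KeyStore open(String path, Console con) throws Exception {
        char[] pass = con.readPassword("Password for %s: ", path);
        return KeyStore.getInstance(new File(path), pass);
    }

    // Prints whether the alias holds a private key, plus subject and expiry.
    static X509Certificate describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            throw new IllegalStateException("alias not found: " + alias);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        System.out.println(alias + ": privateKey=" + ks.isKeyEntry(alias)
                + " subject=" + cert.getSubjectX500Principal().getName()
                + " notAfter=" + cert.getNotAfter());
        cert.checkValidity(); // throws if expired or not yet valid
        return cert;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: CheckClientAuthStores "
                    + "<server.keystore> <serverAlias> <client.keystore> <clientAlias>");
            System.exit(2);
        }
        Console con = System.console();
        if (con == null) throw new IllegalStateException("run from an interactive console");
        KeyStore server = open(args[0], con);
        KeyStore client = open(args[2], con);

        describe(server, args[1]);
        X509Certificate clientCert = describe(client, args[3]);

        // Step 5 imported cl.cer into the server keystore: confirm that the
        // same certificate is stored there as a trusted-certificate entry.
        String trustedAs = server.getCertificateAlias(clientCert);
        boolean trusted = trustedAs != null && server.isCertificateEntry(trustedAs);
        System.out.println("client cert in server keystore: "
                + (trusted ? "yes, alias " + trustedAs : "no"));
        System.exit(trusted ? 0 : 1);
    }
}
```

The exit status is 0 only when the client certificate is found as a trusted entry, so the check can be rerun after any change to either keystore.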