Hi all again I am trying to work with tomcat and ssl with clientauth=true. I am trying to access the Tomcat on localhost and supply the client certificate through IE In tomcat i have a servlet which will print the certificate eventually. Here are the steps i take 1.<snip server.xml> <Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true"> <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="auth" protocol="TLS" keystoreFile="c:\keystore\server.keystore" keystorePass="771652"/> </Connector> </snip> 2. Create the server.keystore keytool -genkey -alias pask -keyalg rsa -keystore c:\keystore\server.keystore 3.export the key to be put in IE Trust Root Dir keytool -export -alias pask -keystore c:\keystore\server.keystore -file server.cer 4.In IE Content import the server.cer into Trust Root Dir providers Up to here if i put clientauth=false in server xml i have https connection to tomcat with the IE showing it is SECURE the lock appears. 5.Now on the same machine i create the client certificate keytool -genkey -alias pskon -keyalg rsa -keystore c:\keystore\client.keystore keytool -export -alias pskon -keystore c:\keystore\client.keystore -file cl.cer keytool -import -alias pskon -keystore c:\keystore\server.keystore -file cl.cer I also copy the server.keystore in jre/lib/security just in case The attributes of the keys are CN=localhost ,ATHENS,ATHENS,ATHENS,GR When i put back clientauth=true restart catalina 4.0.4 on WINDOWS XP i get a page cannot displayed sign. Am i doing somethig wrong..? Any ideas are welcome.. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>