You have to import the root CA into the Java cacerts keystore.

Assuming a Windows Java installation in "C:\j2sdk" the location is:
C:\j2sdk\jre\lib\security\cacerts

using
> cd C:\j2sdk\jre\lib\security
> keytool -import -keystore cacerts -storepass changeit -file the-root-ca.cer

did the job for me.

Mario

----- Original Message -----
From: "Duma Rolando" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 10, 2003 9:24 AM
Subject: Re: SSL client authentication with tomcat 4.1.24

> I'm still having trouble with my setup.
> These are my keystore entries:
>
> Tipo keystore: jks
> Provider keystore: SUN
>
> Il keystore contiene 3 entry
>
> scai, 10-giu-2003, keyEntry,
> Impronta digitale certificato (MD5):
> D5:FC:34:5E:12:03:CD:29:84:18:C9:4C:33:07:6C:5D
> _dgripbmo, 10-giu-2003, trustedCertEntry,
> Impronta digitale certificato (MD5):
> F5:ED:E9:B2:D9:71:F9:B6:6F:E9:39:27:4D:0A:A4:F7
> dumarolando, 10-giu-2003, trustedCertEntry,
> Impronta digitale certificato (MD5):
> E6:8D:22:29:5C:33:20:52:10:75:6A:8E:5D:03:4C:B3
>
> The second item is the CA certificate that signs my personal
> certificate, the last is my personal certificate present also in my IE
> Personal certificates tab. If nothing is missing and the browser still
> pops up an empty personal certificate list, maybe there is a problem
> with the cryptographic providers or with the encryption algorithms used?
> As a note, my personal certificate is stored on a Gemplus smartcard
> connected with a USB reader; all works fine if I connect to an Apache
> server with mod_ssl.
>
> ----- Original Message -----
> From: "Bill Barker" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, June 07, 2003 5:33 AM
> Subject: Re: SSL client authentication with tomcat 4.1.24
>
> > I believe that the Sun 1.4 JVM ships with the certs for Verisign and
> > Thawte (to verify this, search the java.sun.com site). To allow
> > OpenExchange signed certs, you need to get the signing cert (not
> > hard), and import it into cacerts.
> >
> > "Mario Ivankovits" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > For me, it looks like some certificates can't be read by tomcat/ssl.
> > >
> > > So, my Thawte FreeMail Member certificate works, but the certificate
> > > generated by SuSE OpenExchange won't work.
> > >
> > > I haven't figured out what the difference could be for now.
> > >
> > > Mario
> > >
> > > ----- Original Message -----
> > > From: "Duma Rolando" <[EMAIL PROTECTED]>
> > > To: "Tomcat Users List" <[EMAIL PROTECTED]>
> > > Sent: Friday, June 06, 2003 1:40 PM
> > > Subject: Re: SSL client authentication with tomcat 4.1.24
> > >
> > > > I have already imported my certificate. This is correctly shown if
> > > > I connect to an apache + mod-ssl server with "SSLVerifyClient
> > > > require" directive, so I think the problem belongs to Tomcat SSL
> > > > implementation or its configuration.
> > > > That's why I'm looking for people with positive experience on this
> > > > kind of setup.
> > > >
> > > > ----- Original Message -----
> > > > From: "Bodycombe, Andrew" <[EMAIL PROTECTED]>
> > > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> > > > Sent: Friday, June 06, 2003 12:58 PM
> > > > Subject: RE: SSL client authentication with tomcat 4.1.24
> > > >
> > > > > You need to import your personal certificate into your browser.
> > > > >
> > > > > In IE:
> > > > > Select 'Internet Options' from the Tools Menu
> > > > > Select the Content tab
> > > > > Press the certificates button
> > > > >
> > > > > This takes you to the screen showing all your certificates
> > > > > Select the 'Personal' tab
> > > > > Press Import to import your certificate
> > > > >
> > > > > Andy
> > > > >
> > > > > -----Original Message-----
> > > > > From: Duma Rolando [mailto:[EMAIL PROTECTED]
> > > > > Sent: 06 June 2003 11:31
> > > > > To: Tomcat Mailing List
> > > > > Subject: SSL client authentication with tomcat 4.1.24
> > > > >
> > > > > Is there anyone that has a running tomcat 4.1.24 standalone
> > > > > server with SSL and clientAuth="true"?
> > > > > My current config doesn't work (i.e. Internet Explorer doesn't
> > > > > display my personal certificate, Mozilla displays an error
> > > > > message). I tried with only one SSL connector on port 443 and
> > > > > with also an http connector on port 80 without success. I would
> > > > > like to know if I'm wasting time or there are "success stories"
> > > > > about this in this community.
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
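
Added example, not part of the thread and not Tomcat's own code: a check for the condition the replies converge on, namely whether the CA that directly issued a client certificate is a trusted entry in the cacerts file. The class name, the command-line arguments and the default path and password are assumptions; only the direct issuer is checked, not a longer chain, and the syntax needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example. Usage: java CheckClientIssuer <client-cert.cer> [cacerts-path] [storepass]
public class CheckClientIssuer {

    // Alias of the trustedCertEntry that issued 'client', or null if there is none.
    static String findIssuerAlias(KeyStore trust, X509Certificate client) throws Exception {
        for (String alias : Collections.list(trust.aliases())) {
            if (!trust.isCertificateEntry(alias)) continue;      // ignore keyEntry items
            if (!(trust.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
            // The client certificate's issuer DN must equal the CA's subject DN ...
            if (!ca.getSubjectX500Principal().equals(client.getIssuerX500Principal())) continue;
            try {
                client.verify(ca.getPublicKey());                // ... and the signature must verify
                return alias;
            } catch (GeneralSecurityException sameNameOtherKey) {
                // Same name but a different key: keep looking.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) throw new IllegalArgumentException("usage: <client-cert.cer> [cacerts] [storepass]");
        // Assumed defaults: the running JVM's own cacerts and the stock password.
        String store = args.length > 1 ? args[1]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();

        KeyStore trust = KeyStore.getInstance("JKS");            // type shown in the keytool listing
        try (InputStream in = new FileInputStream(store)) { trust.load(in, pass); }
        X509Certificate client;
        try (InputStream in = new FileInputStream(args[0])) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String alias = findIssuerAlias(trust, client);
        System.out.println(alias != null ? "issuer trusted, alias: " + alias
                : "issuer " + client.getIssuerX500Principal() + " is NOT in " + store);
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it with the JVM that starts Tomcat so the default path resolves to the same cacerts file; exit status 1 means the issuing CA still has to be imported with the keytool command from the first message.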