Re: Tomcat and client certificates

Wed, 15 Feb 2006 03:01:16 -0800 

Hi

I have followed all the instructions on this discussion, and i´m still
getting the error:

HTTP Status 400 - No client certificate chain in this request

Does the user cert that i´m using need to be "trusted" by cert of tomcat sever?


I´m using Apache Tomcat/5.5.15, on Win Xp Pro SP2

I have generated the 2 certs like described on:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

The acess to https://localhost:8443 works fine
But the access to the restricted area https://localhost:8443/teste
return the error:
HTTP Status 400 - No client certificate chain in this request

If i use the BASIC auth, it works, but with CLIENT-CERT it did not

Is there anything wrong with my configuration?

This are my configuration:

server.xml :
...

<Realm className="org.apache.catalina.realm.MemoryRealm" />
...
<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS"
                   keystoreFile="c:\\certificados\\tomcat.keystore" />
        <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="want" protocol="TLS" />


tomcat-users.xml :
<tomcat-users>
  ...
  <role rolename="cert"/>
   <user username="CN=Luis Henrrique Spoladore Amaral, OU=UFSC,
O=UFSC, L=Floripa, ST=SC, C=BR" password="null" roles="cert"/>
</tomcat-users>


web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd";>

<web-app>

    <display-name>Bug 12218</display-name>
    <description>
      Test web app for bug 12218.
    </description>

    <security-constraint>
        <web-resource-collection>
        <web-resource-name>App</web-resource-name>
            <url-pattern>/index.htm</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>cert</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
    </login-config>

    <security-role>
      <role-name>cert</role-name>
    </security-role>

</web-app>

Thanks for your help

Luis

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to