Hi Diego,

Thanks.
clientAuth="true" is not a valid attribute for the connector in Tomcat 8.5.15. I
have tried setting certificateVerification as required, but the application URL
is not reachable and it was complaining about the certificate.

Can I set the truststore in SSLContext before making the outbound call? Will it
trust the client request?

Let me enable SSL debug and check the log as well.


Thanks
Vinoth


On Tuesday, August 15, 2017, Macca, Diego <diego.ma...@ecb.int> wrote:

> Hi,
> You need to set clientAuth="true" in the connector or, for some reason
> unknown to me (probably something changed in Java from rel. 6/7 on), Tomcat
> will not enforce the 2 way ssl.
>
> You can see what is going on (certificates exchange) with an ssl debug.
>
> Kind Regards,
> Diego Macca
> Senior IT Specialist
>
> DG-IS/EDA - Executional Domain Applications
> EUROPEAN CENTRAL BANK
> Tel.: +49 (69) 1344 6991
> E-mail: diego.ma...@ecb.europa.eu
> www.ecb.europa.eu
> www.youtube.com/ecbeuro
> https://twitter.com/ecb
>
>
> -----Original Message-----
> From: Vinoth Raja [mailto:rbvdvin...@gmail.com]
> Sent: 15 August 2017 10:50
> To: Tomcat Users List
> Subject: 2 Way SSL integration with Webservices - Inbound connection not
> trusted
>
> Hi,
>
> Please advise on the steps to resolve the issue encountered in 2 way SSL.
>
> Tomcat version used: apache-tomcat-8.5.15
> Java version used: jdk1.8.0_131
>
> *Problem statement: *Tomcat doesn't trust the inbound connection.
>
> We have a web application deployed in Tomcat and it is integrated with web
> services.
> 2 way SSL is enabled.
> The webservice client deployed in Tomcat sends the certificate to the
> webservices and it is trusted.
> Tomcat doesn't trust the certificate sent by the webservices.
> It seems to ignore the client validation and allow the communication.
>
> *Steps followed to implement 2 way SSL from the application*
>
> We set the keystore and trust store to be used for communication, so it
> takes the cert from the key store for outbound and trusts the cert for inbound
> connections.
>
> System.setProperty("javax.net.ssl.trustStoreType", "JKS");
> System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> System.setProperty("javax.net.ssl.trustStore","TrustStore.jks");
> System.setProperty("javax.net.ssl.keyStore","KeyStore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword","changeit");
> System.setProperty("javax.net.ssl.keyStorePassword","changeit");
>
> It sends the certificate for the other system to trust, but it doesn't trust
> the incoming connection.
>
>
> Please advise on the configuration to trust the incoming connection.
>
>
> Thanks
> Vinoth
>
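
A Tomcat 8.5 `server.xml` connector that demands and verifies a client certificate on inbound connections, added here as an example and not taken from either message in the thread. The port, file locations and passwords are placeholders; the sketch assumes the JSSE NIO connector and JKS stores like the ones named above.

```xml
<!-- conf/server.xml (Tomcat 8.5): HTTPS connector that requires a client certificate.
     Port, paths and passwords below are placeholders for illustration. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">

  <!-- certificateVerification="required": the connection is refused unless the
       caller presents a certificate that chains to an entry in the truststore.
       The default, "none", never asks the caller for a certificate.
       This truststore is the one used to validate INBOUND callers. -->
  <SSLHostConfig certificateVerification="required"
                 truststoreFile="conf/TrustStore.jks"
                 truststorePassword="changeit"
                 truststoreType="JKS">

    <!-- Tomcat's own server certificate and private key, presented to callers. -->
    <Certificate certificateKeystoreFile="conf/KeyStore.jks"
                 certificateKeystorePassword="changeit"
                 certificateKeystoreType="JKS"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```

With this in place, a caller whose certificate does not chain to an entry in `conf/TrustStore.jks` is rejected by the connector before any request reaches the web application. Starting the Tomcat JVM with `-Djavax.net.debug=ssl` shows whether a certificate request is sent and which certificate the caller returns.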
