RE: Accessing ssl pages using client authentication

Thu, 09 Nov 2006 21:26:05 -0800 

Mark,
        Fantastic, thanks for that.  I have a new problem now.

Nov 10, 2006 5:56:17 PM org.apache.tomcat.util.net.jsse.JSSE14Support
synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLHandshakeException: null cert chain
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
        at java.io.InputStream.read(InputStream.java:89)
        at
org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE1
4Support.java:88)
        at
org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.ja
va:67)
        at
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSE
Support.java:120)
        at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:104
9)
        at org.apache.coyote.Request.action(Request.java:361)
        at
org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:
929)
        at
org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequest
Facade.java:214)
        at
org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthe
nticator.java:137)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
Base.java:504)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:102)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5
20)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:137)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:104)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:117)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:102)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5
20)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:109)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:104)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5
20)
        at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
        at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
        at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79
9)
        at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC
onnection(Http11Protocol.java:705)
        at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:57
7)
        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool
.java:683)
        at java.lang.Thread.run(Thread.java:534)
Nov 10, 2006 5:56:17 PM org.apache.coyote.http11.Http11Processor action
WARNING: Exception getting SSL Cert
javax.net.ssl.SSLHandshakeException: null cert chain
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
        at java.io.InputStream.read(InputStream.java:89)
        at
org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE1
4Support.java:88)
        at
org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.ja
va:67)
        at
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSE
Support.java:120)
        at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:104
9)
        at org.apache.coyote.Request.action(Request.java:361)
        at
org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:
929)
        at
org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequest
Facade.java:214)
        at
org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthe
nticator.java:137)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
Base.java:504)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:102)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5
20)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:137)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:104)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:117)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:102)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5
20)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:109)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo
ntext.java:104)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5
20)
        at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
        at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
        at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79
9)
        at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC
onnection(Http11Protocol.java:705)
        at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:57
7)
        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool
.java:683)
        at java.lang.Thread.run(Thread.java:534)


I think I have an issue with how my client is sending the certificate.
I thought tomcat handled this automatically.  Is my assumption correct?


Regards,
Andrew Friebel

-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED] 
Sent: Friday, 10 November 2006 11:33 AM
To: Tomcat Users List
Subject: Re: Accessing ssl pages using client authentication

Andrew Friebel wrote:
>   <login-config>
>      <auth-method>CLIENT_CERT</auth-method>
>      <realm-name>My Test Realm</realm-name>
>   </login-config>

You want CLIENT-CERT here. Note the hyphen rather than the underscore.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to