Mark,

Fantastic, thanks for that. I have a new problem now.

Nov 10, 2006 5:56:17 PM org.apache.tomcat.util.net.jsse.JSSE14Support synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLHandshakeException: null cert chain
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
    at java.io.InputStream.read(InputStream.java:89)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:120)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1049)
    at org.apache.coyote.Request.action(Request.java:361)
    at org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:929)
    at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:214)
    at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:137)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:534)
Nov 10, 2006 5:56:17 PM org.apache.coyote.http11.Http11Processor action
WARNING: Exception getting SSL Cert
javax.net.ssl.SSLHandshakeException: null cert chain
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
    at java.io.InputStream.read(InputStream.java:89)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:120)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1049)
    at org.apache.coyote.Request.action(Request.java:361)
    at org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:929)
    at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:214)
    at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:137)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:534)

I think I have an issue with how my client is sending the certificate. I thought Tomcat handled this automatically. Is my assumption correct?

Regards,
Andrew Friebel

-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Friday, 10 November 2006 11:33 AM
To: Tomcat Users List
Subject: Re: Accessing ssl pages using client authentication

Andrew Friebel wrote:
> <login-config>
>   <auth-method>CLIENT_CERT</auth-method>
>   <realm-name>My Test Realm</realm-name>
> </login-config>

You want CLIENT-CERT here. Note the hyphen rather than the underscore.

Mark