Good Evening Fred
It appears your connector in server.xml does not have CertificatePath and or
RequestPath defined
keep in mind that all of the paths unless otherwise specified are relative to
$CATALINA+BASE
Here is an example of connector parameters to get you started
<connector
scheme="https" secure="true"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="3"
sslProtocol="TLSv1"
SSLOptions="+StdEnvVars +CompatEnvVars +ExportCertData"
SSLCertificateFile="${catalina.base}/conf/localhost_pem.crt"
SSLCertificateKeyFile="${catalina.base}/conf/localhost.key"
SSLCACertificateFile="${catalina.base}/conf/SSLCACertificateFile.pem"
SSLCACertificatePath="${catalina.base}/conf/ssl.crt/"
SSLCertificateChainFile="${catalina.base}/conf/SSLCACertificateFile.pem"
SSLCertificateChainPath="${catalina.base}/conf/ssl.crt/"
SSLCADNRequestFile="${catalina.base}/conf/SSLCACertificateFile.pem"
SSLCADNRequestPath="${catalina.base}/conf/ssl.crt/"
/>
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
HTH
M--
---------------------------------------------------------------------------
This e-mail message (including attachments, if any) is intended for the use of
the individual or entity to which it is addressed and may contain information
that is privileged, proprietary , confidential and exempt from disclosure. If
you are not the intended recipient, you are notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
---------------------------------------------------------------------------
Le présent message électronique (y compris les pièces qui y sont annexées, le
cas échéant) s'adresse au destinataire indiqué et peut contenir des
renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le
destinataire de ce document, nous vous signalons qu'il est strictement interdit
de le diffuser, de le distribuer ou de le reproduire.
----- Original Message -----
From: "Thurber, Fred" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, February 28, 2007 4:50 PM
Subject: Tomcat Smart Card (CAC card) problem
I am trying to get a smart card to work with Tomcat. The smart card in
question is a DoD CAC (Common Access Card).
I believe that I have setup my Connector element correctly in my server.xml:
<Connector port="8443"
enableLookups="true"
disableUploadTimeout="true"
debug="1"
acceptCount="10" scheme="https" secure="true"
clientAuth="true"
sslProtocol="TLS"
keystoreFile="<deleted>\.keystore"
/>
The issue seems to be with the IE /Tomat handshake. When IE hits my Tomcat
site, it puts up a dialog with a title of "Choose a Digital Certificate".
However the list of certificates to choose from is empty.
The certificates are loaded into my IE browser. It seem to work with IIS.
When I hit an IIS site, the same form comes up, but the form is pre-populated
with the list of certifcates.
Why doesn't IE show the certificates when accessing Tomcat but does when
accessing IIS?
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
