Hi All,

I have done the following to create a Trust Store for Tomcat to use:

Created a keystore with new certificate:

keytool -genkey -alias mycert -keyalg RSA -keypass changeit -keystore
keystore.jks -storepass changeit

Exported certificate:

keytool -export -alias mycert -file mycert.cer -keystore keystore.jks
-storepass changeit

Imported certificate into trust store:

keytool -import -v -trustcacerts -alias mycert -keypass changeit -file
mycert.cer -keystore cacerts.jks -storepass changeit

Added the following Connector into server.xml to allow Client Authentication:

<Connector
       port="443"
       scheme="https"
       secure="true"
       keystoreFile="C:/keystore.jks"
       keystorePass="changeit"
       keystoreType="JKS"
       keyAlias="mykey"
       truststoreFile="C:/cacerts.jks"
       truststorePass="changeit"
       truststoreType="JKS"
       sslProtocol="TLS"
       maxSpareThreads="75"
       maxThreads="350"
       URIEncoding="UTF-8"
       minSpareThreads="25"
       clientAuth="true">
</Connector>

After starting Tomcat up, using netstat I can see that port 443 is listening...

When using IE to test the connection to the https default page I get
IE's no communication web page displayed. If I use Firefox this gives
me the following error: SSL peer cannot verify your certificate (Error
code: ssl_error_bad_cert_alert)

I was expecting a message to say that the client needs a client
certificate? I then installed the client certificate mycert.cer into
the client browsers, but this has no effect and I still receive the same
error messages.

To check that I have SSL correctly installed, if I change
clientAuth="true" to clientAuth="false" then the default Tomcat web page is
displayed within the browsers.

What have I done wrong? I am thinking that it is the way that I have
created the Trust store that is the problem?

Thanks for any help in advance...
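As an added example (not part of the original post, and not Tomcat's own tooling beyond keytool), the script below runs the same keytool procedure with one difference that matters for clientAuth="true": the client gets its own key pair, only its public certificate goes into the truststore that truststoreFile points at, and the browser receives a PKCS12 file containing the certificate together with its private key. A bare .cer export carries no private key, so a browser given only that file has nothing to present when the server requests a client certificate. The aliases, passwords, file names and distinguished names are assumptions; the server alias is chosen to match the keyAlias value the Connector would use.

```shell
#!/bin/sh
# Added example: builds the keystore, truststore and browser-side PKCS12 for a
# Tomcat Connector with clientAuth="true". Requires keytool from a JDK.
set -eu

STOREPASS=changeit   # assumed password, same as in the posted Connector

build_mutual_tls_stores() {
    dir=$1
    mkdir -p "$dir"

    # 1. Server key pair; the alias must match keyAlias in server.xml.
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost, O=Example" \
        -keystore "$dir/keystore.jks" -storetype JKS \
        -storepass "$STOREPASS" -keypass "$STOREPASS" 2>/dev/null

    # 2. Client key pair, a separate identity from the server's.
    keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=client, O=Example" \
        -keystore "$dir/client.jks" -storetype JKS \
        -storepass "$STOREPASS" -keypass "$STOREPASS" 2>/dev/null

    # 3. Export only the client's public certificate ...
    keytool -exportcert -alias client -file "$dir/client.cer" \
        -keystore "$dir/client.jks" -storepass "$STOREPASS" 2>/dev/null

    # 4. ... and import it into the truststore named by truststoreFile.
    keytool -importcert -noprompt -alias client -file "$dir/client.cer" \
        -keystore "$dir/cacerts.jks" -storetype JKS \
        -storepass "$STOREPASS" 2>/dev/null

    # 5. Package certificate plus private key as PKCS12 for the browser.
    keytool -importkeystore -srckeystore "$dir/client.jks" \
        -srcstorepass "$STOREPASS" -srcalias client \
        -destkeystore "$dir/client.p12" -deststoretype PKCS12 \
        -deststorepass "$STOREPASS" -destkeypass "$STOREPASS" 2>/dev/null
}

# Returns 0 when store $1 holds alias $2 as a trustedCertEntry (public cert only).
# Optional $3 is the store type (default JKS).
truststore_has_trusted_entry() {
    keytool -list -keystore "$1" -storetype "${3:-JKS}" -storepass "$STOREPASS" 2>/dev/null \
        | grep -q "^$2, .*trustedCertEntry"
}

# Returns 0 when store $1 holds a private key under alias $2.
# Optional $3 is the store type (default JKS).
keystore_has_private_key() {
    keytool -list -keystore "$1" -storetype "${3:-JKS}" -storepass "$STOREPASS" 2>/dev/null \
        | grep -q "^$2, .*PrivateKeyEntry"
}

# Usage: sh mutual-tls-stores.sh --build ./tomcat-tls
if [ "${1:-}" = "--build" ]; then
    out=${2:-./tomcat-tls}
    build_mutual_tls_stores "$out"
    keystore_has_private_key "$out/keystore.jks" tomcat && echo "server key: ok"
    truststore_has_trusted_entry "$out/cacerts.jks" client && echo "truststore: ok"
    keystore_has_private_key "$out/client.p12" client PKCS12 && echo "browser p12: ok"
fi
```

After running it, keystoreFile points at keystore.jks with keyAlias="tomcat", truststoreFile points at cacerts.jks, and client.p12 (not client.cer) is what gets imported into the browser's personal certificate store. The two list helpers are the quick check: the truststore must show the client alias as a trustedCertEntry, and the PKCS12 must show a PrivateKeyEntry, otherwise the browser has no key to answer the server's certificate request with.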
