Hi All,

I am trying to set up mutual authentication for an app in the tomcat/webapps/
folder.

I have done the following to create a Trust Store for Tomcat 6.0 to use:

I created the keystore and the truststore too. The keystore has a PrivateKeyEntry
and the truststore has a trustedCertEntry.

Here is my server.xml config: 

<Connector 
                   port="8443" 
                   enableLookups="true"
                   acceptCount="100"
                   connectionTimeout="20000"
                   useURIValidationHack="false" 
                   disableUploadTimeout="true"
                   scheme="https"
                   secure="true" 
                   SSLEnabled="true"
                   clientAuth="true" 
                   sslProtocol="TLS" 
                   keystoreFile="C:/Apache Software Foundation/Tomcat 6.0/conf/tomcat.keystore"
                   keystorePass="server"
                   truststoreFile="C:/Apache Software Foundation/Tomcat 6.0/conf/tmp/tomcat.truststore"
                   truststorePass="client"/>

Here is my /tomcat/conf/web.xml config: 
<web-app>
 ......
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>myapp</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
    </security-constraint>
    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
    </login-config>
 .....
</web-app>

My Tomcat https port is 8443 (https://localhost:8443/myapp). When I try to
access it using Firefox, it gives me the following error:

SSL peer cannot verify your certificate (Errorcode: ssl_error_bad_cert_alert)

This is after I imported the server certificate and have the client
certificate (same as the one in truststore) installed in Firefox.

If I change it to clientAuth="false", it works fine with just server
authentication; it doesn't care whether the client has a certificate or not.

Can someone please help? I have read so many articles online but this seems
to be the gist of most of the articles. Do I have to create any roles and/or
change tomcat-users.xml too?

Please help. I need to get this working!! :-((

-- 
View this message in context: 
http://old.nabble.com/tomcat-mutual-authentication-doesn%27t-work-tp29486233p29486233.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
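
One way to check whether a client certificate validates against the certificates held in a truststore, which is the kind of check a connector with clientAuth="true" applies during the handshake. This is an added example, not part of the original post; it uses the openssl command line on PEM files, and the function names, certificate subjects and temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added diagnostic example; every file name and subject here is constructed.
# In practice TRUST_PEM would hold the PEM form of the truststore's
# trustedCertEntry certificates, and CLIENT_PEM the certificate that is
# installed in the browser.

# check_client_cert TRUST_PEM CLIENT_PEM
# returns 0 = chains to a trusted entry, 1 = expired, 2 = not trusted,
#         3 = file is not a readable certificate
check_client_cert() {
    trust=$1
    client=$2
    # Show who the certificate claims to be and who issued it.
    openssl x509 -in "$client" -noout -subject -issuer >&2 || return 3
    # -checkend 0 fails when the certificate is already past notAfter.
    openssl x509 -in "$client" -noout -checkend 0 >/dev/null || return 1
    # Path validation with the truststore contents as trust anchors.
    if openssl verify -CAfile "$trust" "$client" 2>&1 | grep -q ': OK$'; then
        return 0
    fi
    return 2
}

# make_selfsigned NAME: constructed self-signed certificate in $work/NAME.pem
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# demo: the truststore holds client-a only, so client-b must be rejected.
demo() {
    work=$(mktemp -d) || return 9
    make_selfsigned client-a || return 9
    make_selfsigned client-b || return 9
    cp "$work/client-a.pem" "$work/trust.pem"
    a=0; check_client_cert "$work/trust.pem" "$work/client-a.pem" || a=$?
    b=0; check_client_cert "$work/trust.pem" "$work/client-b.pem" || b=$?
    rm -rf "$work"
    echo "client-a=$a client-b=$b"
}

demo
```

A result of 2 for the certificate the browser presents means the server side has no trust anchor for it, which is the condition a bad-certificate alert reports to the client.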

