Hey, if you are able to read this again: what I am trying to do now is set the same thing up on a UNIX box. I created the client keys as I had done previously and exported the key to my local machine so that I can import it into my Firefox. However, when I try to import the PKCS12 key, it is not able to recognize the password I gave. It keeps complaining that the password is incorrect.

Is it because I am trying to use, on Windows, a key that was created on UNIX? Do you think the key is tampered with when I do a file transfer? How can I resolve this? Thanks much.

aravidu wrote:
>
> I tried your steps and it worked!!! Thank you very very much!! You are
> awesome!! :-)
>
>
> Ognjen Blagojevic-5 wrote:
>>
>> On 20.8.2010 0:44, aravidu wrote:
>>> I don't have a client.keystore.
>>>
>>> Commands I used for creating a truststore & adding keys to it:
>>> keytool -export -alias clientcert -file client-cert.cer -keystore
>>> tomcat.truststore
>>> keytool -import -file client-cert.cer -alias clientcert -keystore
>>> tomcat.truststore
>>
>> That is wrong since you are configuring Tomcat to trust itself.
>>
>> What you need to do is to configure Tomcat to trust the client, and to
>> add the client *private and public key* (pkcs12 file) to Firefox. So, you
>> don't import the .cert file (that is just the public key) into Firefox but
>> the .pkcs12/.p12 file (it contains both private and public key).
>>
>> You need to delete the tomcat.truststore you created, and do steps 2-5 as I
>> described:
>>
>>>> 2. generate ClientPublic+ClientPrivate in, say, client.keystore file,
>>>> 3. import ClientPublic in tomcat.truststore, and
>>>> 4. import ClientPublic+ClientPrivate (usually in form of pkcs12 file) in
>>>> firefox ("Your certificates" tab inside certificate manager).
>>>> 5. import ServerPublic in firefox
>>>>
>>>> Something like this:
>>>>
>> (...)
>>>> 2. keytool -genkeypair -keystore client.keystore ...
>>>>
>>>> 3a. keytool -exportcert -keystore client.keystore -file client.cert ...
>>>> 3b. keytool -importcert -keystore server.truststore -file client.cert ...
>>>>
>>>> 4a. convert client.keystore to client.pkcs12 (google for that)
>>>> 4b. Firefox, Tools, Options, Advanced, View Certificates, Your
>>>> certificates, Import, client.pkcs12
>>>>
>>>> 5. Point firefox to webapp, add security exception.
>>
>> Regards,
>> Ognjen
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>
>

--
View this message in context: http://old.nabble.com/tomcat-mutual-authentication-doesn%27t-work-tp29486233p29600943.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
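The steps Ognjen lists in the quoted reply (2 through 5, including the "google for that" conversion in 4a, plus the server-side key pair that step 5 needs) as one POSIX shell script, followed by two checks for the problem raised at the top of this message: whether the .p12 really opens with the password you think you set, and whether the bytes survived the copy to the other machine. This is an added example, not code from the thread, from Tomcat or from Firefox; the aliases "tomcat" and "clientcert", the DNs, the file names and the password "changeit" are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: steps 2-5 of the quoted reply as one script, plus two checks.
# Assumptions (placeholders, not from the thread): the aliases "tomcat" and "clientcert",
# the DNs, the password "changeit" and the file names; all can be overridden via the environment.
set -eu

SERVER_KS=${SERVER_KS:-server.keystore}
SERVER_TS=${SERVER_TS:-server.truststore}
CLIENT_KS=${CLIENT_KS:-client.keystore}
CLIENT_P12=${CLIENT_P12:-client.p12}
STOREPASS=${STOREPASS:-changeit}   # used for store AND key: Firefox prompts for one password only

# Server side: ServerPublic+ServerPrivate in server.keystore; ServerPublic is exported as
# server.cert so it can be imported into Firefox (step 5 of the quoted reply).
gen_server_keys() {
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=localhost, OU=Test, O=Example" -storetype JKS \
    -keystore "$SERVER_KS" -storepass "$STOREPASS" -keypass "$STOREPASS"
  keytool -exportcert -alias tomcat -keystore "$SERVER_KS" \
    -storepass "$STOREPASS" -file server.cert
}

# Step 2: ClientPublic+ClientPrivate in client.keystore (JKS, so step 4a has something to convert).
gen_client_keys() {
  keytool -genkeypair -alias clientcert -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=aravidu, OU=Test, O=Example" -storetype JKS \
    -keystore "$CLIENT_KS" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Step 3: only ClientPublic (the certificate, never the private key) goes into the server
# truststore. This is the file Tomcat's connector should be pointed at as its truststore,
# not a copy of Tomcat's own certificate.
trust_client_on_server() {
  keytool -exportcert -alias clientcert -keystore "$CLIENT_KS" \
    -storepass "$STOREPASS" -file client.cert
  keytool -importcert -noprompt -alias clientcert -file client.cert \
    -keystore "$SERVER_TS" -storepass "$STOREPASS"
}

# Step 4a: convert client.keystore (JKS) to PKCS12. Store password and key password are
# deliberately the same value: Firefox asks for a single password on import and uses it
# for both the PKCS12 MAC and the private-key encryption.
export_client_p12() {
  keytool -importkeystore -noprompt \
    -srckeystore "$CLIENT_KS" -srcstoretype JKS -srcstorepass "$STOREPASS" \
    -srcalias clientcert -srckeypass "$STOREPASS" \
    -destkeystore "$CLIENT_P12" -deststoretype PKCS12 \
    -deststorepass "$STOREPASS" -destkeypass "$STOREPASS"
}

# Check 1: before copying the file anywhere, confirm the .p12 opens with the password you
# intend to type into Firefox. Exit status 0 = accepted, non-zero = keystore password wrong.
check_p12_password() {
  keytool -list -keystore "$1" -storetype PKCS12 -storepass "$2" >/dev/null 2>&1
}

# Check 2: SHA-256 of the file. Run it on both machines after the transfer; a mismatch means
# the bytes changed in transit (the classic cause is an ASCII-mode FTP copy of a binary file).
p12_digest() {
  openssl dgst -sha256 "$1" | awk '{print $NF}'
}

# Run every step when invoked as "sh mtls-setup.sh run"; defines functions only when sourced.
if [ "${1:-}" = "run" ]; then
  gen_server_keys && gen_client_keys && trust_client_on_server && export_client_p12
  check_p12_password "$CLIENT_P12" "$STOREPASS" && echo "$CLIENT_P12 opens with STOREPASS"
  echo "sha256 $(p12_digest "$CLIENT_P12")  $CLIENT_P12"
fi
```

Run it in an empty directory with `sh mtls-setup.sh run`; it produces server.keystore, server.truststore, server.cert, client.keystore, client.cert and client.p12. Before blaming the file transfer, run check 1 on the UNIX box where the .p12 was made: if keytool rejects the password there, Firefox on Windows will too, and the fix is to re-export with identical store and key passwords. Then copy client.p12 in binary mode (scp, or `binary` before `get` in FTP) and compare check 2's digest on both sides; keytool is already on the Windows box (the earlier keys were made there), so check 1 can be repeated on the received file as well.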