Hey... if you are able to read this again, what I am trying to do now is set
the same thing up on a UNIX box. I created the client keys as I had done
previously and exported the key to my local machine so that I can import it
into my Firefox. However, when I try to import the pkcs12 key, it is not
able to recognize the password I gave. It kept complaining that the password
is incorrect.

Is it because of trying to use a key on Windows that was created on UNIX? Do
you think the key is tampered with when I do a file transfer? How can I resolve
this?

Thanks much. 


aravidu wrote:
> 
> I tried your steps and it worked!!! Thank you very very much!! You are
> awesome!! :-)
> 
> 
> Ognjen Blagojevic-5 wrote:
>> 
>> On 20.8.2010 0:44, aravidu wrote:
>>> I don't have a client.keystore.
>>>
>>> Commands I used for creating a truststore & adding keys to it:
>>> keytool" -export -alias clientcert -file client-cert.cer -keystore
>>> tomcat.truststore
>>> keytool" -import -file client-cert.cer -alias clientcert -keystore
>>> tomcat.truststore
>> 
>> That is wrong since you are configuring Tomcat to trust itself.
>> 
>> What you need to do is to configure Tomcat to trust the client, and to 
>> add client *private and public key* (pkcs12 file) to Firefox. So, you 
>> don't import .cert file (that is just public key) into Firefox but 
>> .pkcs12/.p12 file (it contains both private and public key).
>> 
>> You need to delete tomcat.truststore you created, and do steps 2-5 as I 
>> described:
>> 
>>>> 2. generate ClientPublic+ClientPrivate in, say, client.keystore file,
>>>> 3. import ClientPublic in tomcat.truststore, and
>>>> 4. import ClientPublic+ClientPrivate (usually in form of pkcs12 file)
>>>> in
>>>> firefox ("Your certificates" tab inside certificate manager).
>>>> 5. import ServerPublic in firefox
>>>>
>>>> Something like this:
>>>>
>> (...)
>>>> 2. keytool -genkeypair -keystore client.keystore ...
>>>>
>>>> 3a. keytool -exportcert -keystore client.keystore -file client.cert ...
>>>> 3b. keytool -importcert -keystore server.truststore -file client.cert
>>>> ...
>>>>
>>>> 4a. convert client.keystore to client.pkcs12 (google for that)
>>>> 4b. Firefox, Tools, Options, Advanced, View Certificates, Your
>>>> certificates, Import, client.pkcs12
>>>>
>>>> 5. Point firefox to webapp, add security exception.
>> 
>> Regards,
>> Ognjen
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
>> 
> 
> 

Sent from the Tomcat - User mailing list archive at Nabble.com.


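An added example, written here and not taken from this thread or from Tomcat: a POSIX shell script covering the keytool side of Ognjen's steps 2 to 4a, including the JKS-to-PKCS12 conversion the thread leaves as "google for that", plus two checks that answer the question above: proving the .p12 password works before the file leaves the UNIX box, and comparing a checksum of the file on both machines to see whether the transfer changed it. The alias, file names, distinguished name and password are placeholders chosen for the example, and a JDK `keytool` is assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Placeholders: alias,
# file names, DN and password; keytool is assumed to be on PATH.
set -eu

KEYTOOL="${KEYTOOL:-keytool}"
CLIENT_KS="${CLIENT_KS:-client.keystore}"
CLIENT_P12="${CLIENT_P12:-client.p12}"
SERVER_TS="${SERVER_TS:-server.truststore}"
CLIENT_ALIAS="${CLIENT_ALIAS:-clientcert}"
STOREPASS="${STOREPASS:-changeit}"   # placeholder; deliberately used for store AND key

# Step 2: client key pair in a JKS keystore. Store and key password are kept
# identical on purpose: a PKCS12 file, and Firefox, know only one password.
gen_client_keypair() {
  "$KEYTOOL" -genkeypair -alias "$CLIENT_ALIAS" -keyalg RSA -keysize 2048 \
    -validity 365 -dname "CN=example client, OU=Test, O=Example" \
    -keystore "$CLIENT_KS" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Steps 3a/3b: export only the public certificate and import it into the
# server truststore. Tomcat needs just this; the private key never leaves
# the client keystore.
trust_client_on_server() {
  "$KEYTOOL" -exportcert -alias "$CLIENT_ALIAS" -file client.cert \
    -keystore "$CLIENT_KS" -storepass "$STOREPASS"
  "$KEYTOOL" -importcert -noprompt -alias "$CLIENT_ALIAS" -file client.cert \
    -keystore "$SERVER_TS" -storepass "$STOREPASS"
}

# Step 4a: JKS -> PKCS12 for Firefox. The resulting .p12 opens with STOREPASS.
to_pkcs12() {
  "$KEYTOOL" -importkeystore -srckeystore "$CLIENT_KS" -srcstoretype JKS \
    -srcstorepass "$STOREPASS" -srcalias "$CLIENT_ALIAS" \
    -destkeystore "$CLIENT_P12" -deststoretype PKCS12 \
    -deststorepass "$STOREPASS" -destkeypass "$STOREPASS"
}

# Prove the password works BEFORE the file is copied anywhere. If this lists
# the entry and Firefox still says "incorrect password", the problem is the
# copy (or a typo), not the key material.
verify_p12_locally() {
  "$KEYTOOL" -list -storetype PKCS12 -keystore "$CLIENT_P12" \
    -storepass "$STOREPASS"
}

# Transfer integrity: print "CRC:length" for a file (cksum is POSIX), run it on
# both sides and compare. A .p12 is binary; an ASCII-mode FTP transfer or a
# copy-and-paste alters bytes, and because the PKCS12 integrity check is a
# password-keyed MAC over the contents, tools report that as a wrong password.
fingerprint() {
  cksum "$1" | awk '{print $1 ":" $2}'
}

# True when two copies of the file are byte-for-byte identical.
same_file_bytes() {
  [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]
}

main() {
  gen_client_keypair
  trust_client_on_server
  to_pkcs12
  verify_p12_locally
  echo "fingerprint of $CLIENT_P12 before transfer: $(fingerprint "$CLIENT_P12")"
}

# Only run the keytool steps when explicitly asked, so the functions can be
# sourced or tested without a JDK present.
if [ "${1:-}" = "--run" ]; then
  main
fi
```

Run the keytool steps with `sh mtls_client.sh --run`, note the printed fingerprint, copy `client.p12` to the Windows machine with a binary-mode transfer, and compute the same checksum there (any tool that hashes the whole file will do for the comparison). Differing values mean the file was altered in transit and Firefox's "incorrect password" is really a failed integrity check; matching values together with a successful `verify_p12_locally` point at the password itself, typically a key password that differs from the store password or a typo.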