SSL authentication in tomcat

# Create the server and application client key stores and certificates
keytool -genkeypair -alias serverkey -keyalg RSA -keysize 2048 -dname "CN=Server,OU=Application Development,O=Home,L=Auckland,S=AK,C=NZ" -keypass 123456 -storepass 123456 -keystore server.jks
keytool -genkeypair -alias clientkey -keyalg RSA -keysize 2048 -dname "CN=Client,OU=Application Development,O=Home,L=Auckland,S=AK,C=NZ" -keypass 123456 -storepass 123456 -keystore client.jks

# Copy the client's public certificate to the server's keystore
keytool -exportcert -keystore d:\client.jks -storepass 123456 -file d:\client-public.cer -alias clientkey
keytool -importcert -keystore d:\server.jks -storepass 123456 -file d:\client-public.cer -alias clientcert -noprompt

# Take a peek at the server's keystore to make sure that the client's certificate is there
keytool -v -list -keystore d:\server.jks -storepass 123456

# Copy the server's public certificate to the client's keystore
keytool -exportcert -keystore d:\server.jks -storepass 123456 -file d:\server-public.cer -alias serverkey
keytool -importcert -keystore d:\client.jks -storepass 123456 -file d:\server-public.cer -alias servercert -noprompt

# Take a peek at the client's keystore to make sure that the server's certificate is there
keytool -v -list -keystore d:\client.jks -storepass 123456

# Create a browser keystore most browsers can read easily
keytool -importkeystore -srckeystore d:\client.jks -srcstorepass 123456 -srcalias clientkey -destkeystore d:\client.p12 -deststoretype PKCS12 -deststorepass 123456 -destalias clientkey -noprompt

# Take a peek at the browser's keystore to make sure that the client's certificate is there
keytool -v -list -keystore d:\client.p12 -storetype pkcs12 -storepass 123456

# Import a CA certificate into the client keystore (the alias clientkey is already taken by the client key pair created above)
keytool -importcert -trustcacerts -alias clientkey -keystore D:\sslkeys\client.jks -file D:\sslkeys\cacert.pem



By using the above commands I created client and server certificates.

In the application web.xml the following security constraint was given:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Task Services</web-resource-name>
    <url-pattern>/rest/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

In the Tomcat server.xml:

<Connector clientAuth="false" port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="D:/sslkeys/client.jks" keystoreType="JKS" keystorePass="123456"
           truststoreFile="D:/sslkeys/server.jks" truststoreType="JKS" truststorePass="123456"
           SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
           sslProtocol="SSL"
           allowUnsafeLegacyRenegotiation="true"
/>

I am getting https://..... while giving the request, but I am getting a socket error exception.
Please, somebody give me the solution.
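The connector posted above does not match the keytool steps that precede it: the keytool sequence puts the server's key pair and the client's trusted certificate into server.jks, yet the connector serves from client.jks; it sets clientAuth="false" on a JSSE connector while the CLIENT-CERT login method needs the connector to ask for a certificate; SSLVerifyClient, SSLVerifyDepth and SSLEngine are APR/native settings, not JSSE ones; sslProtocol="SSL" is not the documented "TLS" value; allowUnsafeLegacyRenegotiation="true" turns insecure renegotiation back on; and both store passwords are the six-digit value that is also in the keytool commands. The following is an added example, not code from the original post: a small POSIX shell lint that flags each of those settings, printed next to the corrected JSSE connector and the tomcat-users.xml entry that CLIENT-CERT needs. The paths are taken from the post; the REPLACE-WITH-STRONG-PASSWORD values, the lint heuristics (matching "client" in the keystore file name, a 12-character password minimum) and the exact rendering of the client subject DN are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. Lints a Tomcat JSSE <Connector>
# for settings that conflict with CLIENT-CERT authentication and shows the
# corrected connector. Needs only sh, sed, head, wc and tr; no Tomcat or keytool.

# The connector exactly as posted (constructed copy used as lint input).
POSTED_CONNECTOR='<Connector clientAuth="false" port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="D:/sslkeys/client.jks" keystoreType="JKS" keystorePass="123456"
truststoreFile="D:/sslkeys/server.jks" truststoreType="JKS" truststorePass="123456"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
sslProtocol="SSL"
allowUnsafeLegacyRenegotiation="true"
/>'

# Corrected JSSE connector (assumed values marked REPLACE-WITH-STRONG-PASSWORD):
# the server presents "serverkey" from server.jks, trusts the client certificate
# that the keytool steps imported into that same store, requests the client
# certificate in the initial handshake, and leaves legacy renegotiation off.
FIXED_CONNECTOR='<Connector port="8443"
    maxThreads="200" acceptCount="100" enableLookups="false"
    scheme="https" secure="true" SSLEnabled="true"
    sslProtocol="TLS" clientAuth="true"
    keystoreFile="D:/sslkeys/server.jks" keystoreType="JKS" keystorePass="REPLACE-WITH-STRONG-PASSWORD"
    keyAlias="serverkey"
    truststoreFile="D:/sslkeys/server.jks" truststoreType="JKS" truststorePass="REPLACE-WITH-STRONG-PASSWORD"
/>'

# With CLIENT-CERT and the stock UserDatabaseRealm, the user name Tomcat looks up
# is the client certificate's subject DN, so the "admin" role from web.xml must
# be granted to that DN in conf/tomcat-users.xml. The DN string is the expected
# rendering of the -dname used in the post (assumption); confirm it with
# keytool -list -v -keystore server.jks -alias clientcert.
TOMCAT_USERS='<tomcat-users>
  <role rolename="admin"/>
  <user username="CN=Client, OU=Application Development, O=Home, L=Auckland, ST=AK, C=NZ" password="" roles="admin"/>
</tomcat-users>'

# attr NAME TEXT: print the value of NAME="..." found in TEXT (empty if absent).
attr() {
  printf '%s\n' "$2" | sed 's/^/ /' | sed -n "s/.*[^A-Za-z]$1=\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# lint_connector TEXT: print one line per problem found in a JSSE <Connector>.
lint_connector() {
  c=$1
  v=$(attr clientAuth "$c")
  [ "$v" = "true" ] || \
    echo "clientAuth=\"$v\": CLIENT-CERT login needs the connector to request a client certificate; set clientAuth=\"true\""
  case "$(attr sslProtocol "$c")" in
    SSL*) echo 'sslProtocol="SSL": use the documented value sslProtocol="TLS"' ;;
  esac
  [ "$(attr allowUnsafeLegacyRenegotiation "$c")" != "true" ] || \
    echo 'allowUnsafeLegacyRenegotiation="true": re-enables insecure renegotiation; remove it'
  case "$(attr keystoreFile "$c")" in
    *client*) echo 'keystoreFile names the client store: the server must present its own key (server.jks, alias serverkey)' ;;
  esac
  for a in SSLVerifyClient SSLVerifyDepth SSLEngine; do
    [ -z "$(attr "$a" "$c")" ] || \
      echo "$a is an APR/native setting; a keystoreFile (JSSE) connector uses clientAuth instead"
  done
  for a in keystorePass truststorePass; do
    p=$(attr "$a" "$c")
    [ ${#p} -ge 12 ] || echo "$a=\"$p\": short hard-coded store password (heuristic: under 12 characters)"
  done
}

# lint_count TEXT: number of problems reported for TEXT (0 for a clean connector).
lint_count() { lint_connector "$1" | wc -l | tr -d ' '; }

echo "== posted connector =="
lint_connector "$POSTED_CONNECTOR"
echo "== corrected connector: $(lint_count "$FIXED_CONNECTOR") problems =="
printf '%s\n%s\n' "$FIXED_CONNECTOR" "$TOMCAT_USERS"
```

To check the handshake from the command line before touching the realm, export the client entry to PEM (openssl pkcs12 -in client.p12 -nodes -out client.pem), export the server certificate in PEM form (keytool -exportcert -rfc -alias serverkey -keystore server.jks -file server-public.pem) and run openssl s_client -connect localhost:8443 -cert client.pem -key client.pem -CAfile server-public.pem; a handshake that completes with "Verify return code: 0" but a 401/403 from /rest/ points at the role mapping rather than the connector.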