1) Set up clientAuth="false" (among the rest of the Connector data in server.xml); all works fine (Firefox asks for a certificate on an attempt to open https://...:8443) and opens the page when I import the certificate.
2) Change to clientAuth="true"
WORKS FINE FOR THE VERY FIRST TIME (the certificate is there from the previous test). When I delete the certificate, I get a security warning (Secure Connection Failed - as expected).
But when I re-introduce the certificate, I get the error message:
An error occurred during a connection to ...:8443. SSL peer was not expecting a handshake message it received. (Error code: ssl_error_handshake_unexpected_alert)
This is the very same error message as if I instead of importing certificate just tried to "add exception".
This is tested on FIREFOX 3.0.3.
Under IE 6.0.2... I just get:
Cannot find server or DNS Error
When clientAuth="false", IE works in kind of the expected way.
After the tests I ran at work, I repeated the same process at home, with the same results.
Is this a client issue? Or a Tomcat/JBoss thing? Any experience with this kind of setup? Does anyone have it up and running with expected results?
Joined: Nov 20, 2008
Problem solved, truststoreFile was not set up properly.
Joined: Dec 22, 2008
I had the same problem, and apparently, neither Firefox nor IE allows you to see the certificates in your browser if their root CAs are not listed in the truststore file. So, to solve this problem, you need to get all the certificates in the chain up to the root certificate from the client side, and add all of them to the truststore.
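
The fix described in the two replies above, shown as an added configuration example that is not taken from any poster's server.xml. File paths, passwords and keytool aliases are placeholders, and the Connector attributes assume Tomcat's JSSE (Java keystore) HTTPS connector.

```xml
<!-- Before: client certificates are required (clientAuth="true"), but the
     connector names no truststore holding the CAs that issued them.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="/path/to/server-keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="true" />
-->

<!-- After: truststoreFile points at a keystore that contains every CA in the
     client certificate's chain, up to and including the root.

     During the handshake the server sends the client a list of acceptable
     CA names taken from this truststore. A browser only offers client
     certificates that chain to one of those names, which is why an imported
     certificate is not presented when its CAs are missing here.

     Build the truststore with one import per CA certificate (placeholder
     file names and aliases):

       keytool -importcert -trustcacerts -alias client-root-ca
               -file root-ca.crt -keystore /path/to/client-truststore.jks
       keytool -importcert -trustcacerts -alias client-intermediate-ca
               -file intermediate-ca.crt -keystore /path/to/client-truststore.jks

     Check the result before restarting the server:

       keytool -list -v -keystore /path/to/client-truststore.jks
-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="/path/to/server-keystore.jks"
           keystorePass="CHANGE_ME"
           truststoreFile="/path/to/client-truststore.jks"
           truststorePass="CHANGE_ME"
           clientAuth="true" />
```

Keep the truststore limited to the CAs whose client certificates should be accepted, since every CA in it can issue a certificate that passes this check.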