Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

CLIENT-CERT / null cert chain

 
Pascal C.
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everybody,

I want to configure Tomcat/4.1.27 in order to use the client certificate authentication. I first set up the SSL connector following the How-To.
So now my site runs under SSL without any problem.

Next,I build the client certificate with keytool, and store it into a file ( trust.keystore ). In my web.xml I change my BASIC into CLIENT-CERT :
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client certificate auth.</realm-name>
</login-config>

and in my server.xml :

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true"
>
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS"
truststoreFile="c:\keystores\trust.keystore"
/>
</Connector>

When I connect to my protected JSP, I always get an error :
WARNING: Exception getting SSL Cert
javax.net.ssl.SSLHandshakeException: null cert chain.

I don't know if my configuration is OK. Where can be the problem ? Does anyone have an idea ?

Thanks a lot

Pascal.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic