Hi.
I am trying to set up mutual authentication with Tomcat.
I was able to set up server authentication only, by using the Java keytool and setting clientAuth="false".
Now I want to set up client authentication. I set clientAuth="true", created a keystore with self-signed certificates for both server and client, and set the SSL keystore path to this keystore.
I enabled SSL logging for Tomcat. What I see is that the log shows only an entry for the "tomcat" key entry, i.e. the server certificate. It does not show the client certificate.
I am sure my keystore has the client certificate; I know this because I listed the entries in the keystore:
    $ keytool -list -keystore tomcat2.keystore
    Enter keystore password:

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 3 entries

    roopa, Jul 29, 2009, trustedCertEntry,
    Certificate fingerprint (MD5): AD:D8:7B:88:5F:D0:A2:3E:6B:E4:8C:6D:29:CC:B5:A2
    tomcat, Jul 24, 2009, PrivateKeyEntry,
    Certificate fingerprint (MD5): 34:52:19:6D:3C:06:A8:91:12:4B:F2:1A:B7:1E:5D:4A
    mykey, Jul 24, 2009, trustedCertEntry,
    Certificate fingerprint (MD5): DE:A7:59:23:09:FF:BC:C4:EC:5B:73:6C:BB:B9:ED:25
I also imported the p12 client certificate into the web browser and tried; it did not work.
I see that Tomcat itself is not able to load the certificate with the alias "roopa" here.
Where could I be going wrong?
I also tried to import these self-signed client certificates into cacerts.jks. It loads all the commercial CA certificates, but not the self-signed client certificates I created.
To work with Tomcat, do the client certificates have to be CA-certified?
All the information I found on websites shows that these steps should be enough to make client authentication work.
But it is not working for me here.
Here is my server.xml Connector configuration:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               debug="5" clientAuth="true"
               keystoreFile="c:\Roopa\test\tomcat2.keystore" keystorePass="roopanov14"
               truststorefile="c:\Roopa\test\tomcat2.keystore" truststorepass="roopanov14"
               sslProtocol="TLS" />
The password and the path to the keystore are correct.
It is loading the entry for "tomcat", but not the client certificate entries.
Can anybody tell me what is going on and where I am going wrong?
Thanks,
Roopa.
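The Connector quoted in the post spells the truststore attributes as truststorefile and truststorepass. Tomcat connector attribute names are case-sensitive (the documented names are truststoreFile and truststorePass), and an attribute the connector does not recognise is ignored rather than rejected, so a connector configured this way validates client certificates against the JVM default truststore (cacerts) instead of the keystore that holds the "roopa" trustedCertEntry. The following script is an added example, not part of the original post or of Tomcat; it lints a Connector element for exactly that class of mistake. The sample Connector text, the placeholder password "changeit" and the relative paths are constructed for the example.

```python
"""Lint the SSL attributes of a Tomcat <Connector> element.

Tomcat sets connector attributes by name, and the names are case-sensitive:
an attribute that differs only in case from a real one (truststorefile vs.
truststoreFile) is silently ignored, and with clientAuth="true" the connector
then checks client certificates against the JVM default truststore (cacerts).
"""
import xml.etree.ElementTree as ET

# SSL-related attribute names of the Tomcat 6 HTTP/1.1 (JSSE) connector, as
# listed in the Tomcat HTTP Connector reference. Matching below is case-exact.
KNOWN_SSL_ATTRS = {
    "SSLEnabled", "clientAuth", "keystoreFile", "keystorePass", "keystoreType",
    "keyAlias", "keyPass", "truststoreFile", "truststorePass", "truststoreType",
    "sslProtocol", "ciphers", "algorithm",
}


def lint_connector(xml_text):
    """Return {'ignored': {attr: intended}, 'effective': {attr: value},
    'findings': [messages]} for a single <Connector .../> element."""
    conn = ET.fromstring(xml_text)
    by_lowercase = {a.lower(): a for a in KNOWN_SSL_ATTRS}
    ignored, effective, findings = {}, {}, []

    for name, value in conn.attrib.items():
        if name in KNOWN_SSL_ATTRS:
            effective[name] = value           # Tomcat will honour this one
        elif name.lower() in by_lowercase:    # same letters, wrong case
            intended = by_lowercase[name.lower()]
            ignored[name] = intended
            findings.append(
                f'attribute "{name}" is not a Tomcat attribute; did you mean '
                f'"{intended}"? Tomcat will ignore it.')

    # Client-cert verification needs a truststore that actually takes effect.
    if effective.get("clientAuth") in ("true", "want") \
            and "truststoreFile" not in effective:
        findings.append(
            'clientAuth="%s" but no truststoreFile is in effect: client '
            'certificates will be checked against the JVM default truststore '
            '(cacerts), so a self-signed client certificate will be rejected.'
            % effective["clientAuth"])
    return {"ignored": ignored, "effective": effective, "findings": findings}


# Constructed sample modelled on the Connector in the post above; the password
# and paths are placeholders, not the poster's values.
BROKEN = '''<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
    clientAuth="true" keystoreFile="conf/tomcat2.keystore" keystorePass="changeit"
    truststorefile="conf/tomcat2.keystore" truststorepass="changeit"
    sslProtocol="TLS" />'''

# The same connector with the attribute names in the documented case.
FIXED = (BROKEN.replace("truststorefile", "truststoreFile")
               .replace("truststorepass", "truststorePass"))

if __name__ == "__main__":
    for label, xml in (("as posted", BROKEN), ("corrected", FIXED)):
        result = lint_connector(xml)
        print(label + ":")
        for line in result["findings"] or ["no problems found"]:
            print("  -", line)
```

Once the attribute names are right, the remaining requirement is that the file named by truststoreFile contains the client certificate as a trustedCertEntry, which the keytool listing in the post already shows for the alias "roopa"; a self-signed client certificate does not need a commercial CA as long as that exact certificate (or its issuer) is in the truststore Tomcat reads.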