Tomcat and client certificates
- From: Luis Henrique <luhenrique (at) gmail.com>
- Date: Wed, 15 Feb 2006 08:00:51 -0300
Hi
I have followed all the instructions on this discussion, and I'm still
getting the error:
HTTP Status 400 - No client certificate chain in this request
Does the user cert that I'm using need to be "trusted" by the cert of the Tomcat server?
I'm using Apache Tomcat/5.5.15, on Win XP Pro SP2
I have generated the 2 certs as described at:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
The access to https://localhost:8443 works fine
But the access to the restricted area https://localhost:8443/teste
returns the error:
HTTP Status 400 - No client certificate chain in this request
If I use the BASIC auth, it works, but with CLIENT-CERT it did not
Is there anything wrong with my configuration?
This is my configuration:
server.xml :
...
<Realm className="org.apache.catalina.realm.MemoryRealm" />
...
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="want" sslProtocol="TLS"
           keystoreFile="c:\\certificados\\tomcat.keystore" />
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
         clientAuth="want" protocol="TLS" />
tomcat-users.xml :
<tomcat-users>
  ...
  <role rolename="cert"/>
  <user username="CN=Luis Henrrique Spoladore Amaral, OU=UFSC, O=UFSC, L=Floripa, ST=SC, C=BR" password="null" roles="cert"/>
</tomcat-users>
web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <display-name>Bug 12218</display-name>
  <description>
    Test web app for bug 12218.
  </description>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>App</web-resource-name>
      <url-pattern>/index.htm</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>cert</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-role>
    <role-name>cert</role-name>
  </security-role>
</web-app>
Thanks for your help
Luis