Unable to turn on clientAuth=true in Tomcat 6
izyani
Mon Aug 06, 2012 11:57 PM

 

 

 

http://threebit.net/mail-archive/tomcat-users/msg06848.html

1-create keystore for tomcat server

keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore c:\tomcat.jks -storetype JKS

 

2-create certificate request for the web server

 

keytool -certreq -keyalg RSA -alias tomcat -keystore c:\tomcat.jks
 
copy the "NEW CERTIFICATE REQUEST" to "CERTIFICATE REQUEST" - sign by MIMOS CA

3-import MIMOS CA cert to server keystore

keytool -import -alias mimosca -keystore c:\tomcat.jks -trustcacerts -file c:\MIMOSCA.crt

4-import signed server cert to server keystore

keytool -import -alias tomcat -keystore c:\tomcat.jks -trustcacerts -file c:\tomcat.crt
		
5-create a client keystore

keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -keystore c:\identity.jks -storetype JKS

6-create certificate request for the client

keytool -certreq -keyalg RSA -alias mykey -keystore c:\identity.jks

copy the "NEW CERTIFICATE REQUEST" to "CERTIFICATE REQUEST" - sign by MIMOS

7-create a truststore

http://users.skynet.be/pascalbotte/art/clientcertconf.htm

keytool -genkey -alias dummy -keyalg RSA -keystore c:\truststore.jks

keytool -delete -alias dummy -keystore c:\truststore.jks

8-import CA cert to a truststore

keytool -import -v -trustcacerts -alias mimosca -file c:\MIMOSCA.crt -keystore c:\truststore.jks

9-import client cert to a truststore

keytool -import -alias mykey -keystore c:\truststore.jks -trustcacerts -file c:\IzyaniCert.crt
		
10-generate PKCS12 file containing the client key and certificate

keytool -importkeystore -srckeystore c:\identity.jks -destkeystore c:\identity.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass 123456 -deststorepass 123456 -srcalias mykey -destalias mykey -srckeypass 123456 -destkeypass 123456 -noprompt

11-import the client PKCS12 certificate to browser

12-configure tomcat for SSL
		
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="c:\tomcat.jks"
keystorePass="123456"
truststoreFile="c:\truststore.jks"
truststorePass="123456" />
			 
13-set the environment variable for CATALINA_OPTS

(http://wiki.openbravo.com/wiki/ERP_2.50:Openbravo_environment_installation)
		
 

Add CATALINA_HOME, CATALINA_BASE and CATALINA_OPTS environment variables:

 

Right-click on My Computer.

Select Properties. The system properties window appears.

Select the Advanced tab.

Click Environment Variables.

Click New. The New User Variable box appears.

In the Variable name field, type CATALINA_HOME .

In the Variable value field, type the path of the Apache Tomcat installation directory. This is usually C:\Apache Software Foundation\Tomcat 6.0 .

Click OK.

Click New. The New User Variable box appears.

In the Variable name field, type CATALINA_BASE .

In the Variable value field type the path of the Apache Tomcat installation directory.

Click OK.

Click New. The New User Variable box appears.

In the Variable name field, type CATALINA_OPTS .

In the Variable value field, type -Djavax.net.ssl.trustStore=c:\truststore.jks -Djavax.net.ssl.trustStorePassword=123456
		

 

Select the PATH environment variable.

In the Variable value field, type the path of the Apache Tomcat installation's bin folder. This is usually C:\Apache Software Foundation\Tomcat 6.0\bin .

 

 

Copy the C:\Java\jdk1.6.0_<version>\bin\lib\tools.jar file from your Sun JDK installation to C:\Apache Software Foundation\Tomcat 6.0\lib\

My error message is:
Secure Connection Failed
     
An error occurred during a connection to localhost:8443.

SSL peer cannot verify your certificate.

(Error code: ssl_error_bad_cert_alert)
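
Added example, not part of the original post: the steps above import the signed server certificate (step 4) but list no import of the signed client certificate into identity.jks before the export in step 10, so it is worth checking which certificate the `mykey` entry holds. This Python script parses `keytool -list -v` output for both stores and flags a key entry that is still self-signed and a truststore copy that differs from it; the listings, distinguished names and fingerprints below are constructed, and the function names are this example's own.

```python
import re

# Constructed `keytool -list -v` excerpts; DNs and fingerprints are made up.
IDENTITY = """\
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=client.example, O=Example
Issuer: CN=client.example, O=Example
  SHA1: 11:22:33:44
"""
TRUSTSTORE = """\
Alias name: mimosca
Entry type: trustedCertEntry
Owner: CN=Example CA, O=Example
Issuer: CN=Example CA, O=Example
  SHA1: AA:BB:CC:DD
Alias name: mykey
Entry type: trustedCertEntry
Owner: CN=client.example, O=Example
Issuer: CN=Example CA, O=Example
  SHA1: 55:66:77:88
"""

def parse_listing(text):
    """Map alias -> entry type and (owner, issuer, sha1) for each listed cert."""
    entries = {}
    for block in re.split(r"^Alias name: ", text, flags=re.M)[1:]:
        fields = [re.findall(rf"^\s*{key}: (.+)$", block, re.M)
                  for key in ("Owner", "Issuer", "SHA1")]
        entries[block.splitlines()[0].strip()] = {
            "type": re.search(r"^Entry type: (\S+)", block, re.M).group(1),
            "certs": list(zip(*fields)),
        }
    return entries

def check_client_alias(identity, truststore, alias="mykey"):
    """Textual (not cryptographic) check of the cert the client keystore exports."""
    findings = []
    entry = identity[alias]
    owner, issuer, sha1 = entry["certs"][0]  # keytool lists the leaf first
    if entry["type"] == "PrivateKeyEntry" and len(entry["certs"]) == 1 and owner == issuer:
        findings.append("self-signed: no CA-signed reply installed for this key")
    # Certificates the truststore holds for the same subject (as in step 9).
    pinned = [c for e in truststore.values() for c in e["certs"] if c[0] == owner]
    if pinned and all(c[2] != sha1 for c in pinned):
        findings.append("truststore holds a different certificate for this subject")
    return findings
```

To use it on real stores, feed it the output of `keytool -list -v -keystore c:\identity.jks` and the same command for `c:\truststore.jks`.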

 

 

 
 
 
 

 

 

 

 
