Client Authentication Certificate based / SSL / JBoss 3.2.3
eisber Feb 13, 2004 9:51 AM
I am trying to enable Client Authentication with Client Certificates with JBoss 3.2.3 / Tomcat 4.1.29 / Windows XP.
To give you a whole picture of the task:
I have to enable FormBased/BasicAuth. and Authentication using Client Certificates for 1 WebApplication. I already got around the <login-config> problem (you can only specify 1 method) by utilizing Single Sign On.
Form Based and Basic Auth. already work perfectly. Client Certificate based authentication doesn't work for me.
SSL is working for me.
I generated my keys with:
if not "%JAVA_HOME%" == "" goto gotJavaHome
echo You must set JAVA_HOME to point at your Java Development Kit installation
goto cleanup
:gotJavaHome
REM The keytool path is quoted so that a JAVA_HOME containing spaces still works
echo Generating the Server KeyStore in file server.keystore
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat-sv -dname "CN=localhost, OU=SailLabs, L=at, S=Markus Cozowicz, C=YZ" -validity 30 -keyalg RSA -keypass markus -storepass markus -keystore server.keystore
echo Exporting the certificate from keystore to an external file server.cer
"%JAVA_HOME%\bin\keytool" -export -alias tomcat-sv -storepass markus -file server.cer -keystore server.keystore
echo Generating the Client KeyStore in file client.keystore
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat-cl -dname "CN=admin, OU=SailLabs, L=at, S=Markus Cozowicz, C=YZ" -validity 30 -keyalg RSA -keypass markus -storepass markus -keystore client.keystore
echo Exporting the certificate from keystore to external file client.cer
"%JAVA_HOME%\bin\keytool" -export -alias tomcat-cl -storepass markus -file client.cer -keystore client.keystore
echo Importing Server's certificate into Client's keystore
"%JAVA_HOME%\bin\keytool" -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass markus -storepass markus
echo Importing Client's certificate into Server's keystore
"%JAVA_HOME%\bin\keytool" -import -v -trustcacerts -alias tomcat -file client.cer -keystore server.keystore -keypass markus -storepass markus
:cleanup
I fixed my puretls error msg problem with
SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"
in jboss-service.xml for tomcat41 under
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" ...
Because the puretls classes require openssl and seemed pretty old (but I managed to get all the classes/jars, post here to get the jars if needed, took me quite a while).
Because of
clientAuth="false"
I get
16:01:19,399 DEBUG [JSSE14Support] Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I actually just want to enable Client based Certification for 1 Web Application using CLIENT-CERT, so I actually want clientAuth="false".
Setting it to true removes the error, but stops all other Web Applications from working.
Trying to access my CLIENT-CERT protected area I get:
16:26:31,473 DEBUG [JSSE14Support] Reading for try #0
16:26:31,473 DEBUG [JSSE14Support] Reading for try #1
16:26:31,473 DEBUG [JSSE14Support] Reading for try #2
16:26:31,473 DEBUG [JSSE14Support] Reading for try #3
16:26:31,473 DEBUG [JSSE14Support] Reading for try #4
16:26:31,473 DEBUG [JSSE14Support] Reading for try #5
16:26:31,473 DEBUG [JSSE14Support] Reading for try #6
16:26:31,473 DEBUG [JSSE14Support] Reading for try #7
16:26:31,473 DEBUG [JSSE14Support] Reading for try #8
16:26:31,473 DEBUG [JSSE14Support] Reading for try #9
16:26:31,473 DEBUG [JSSE14Support] Reading for try #10
16:26:31,473 DEBUG [JSSE14Support] Reading for try #11
16:26:31,473 DEBUG [JSSE14Support] Reading for try #12
16:26:31,473 DEBUG [JSSE14Support] Reading for try #13
16:26:31,473 DEBUG [JSSE14Support] Reading for try #14
16:26:31,473 DEBUG [JSSE14Support] Reading for try #15
16:26:31,473 DEBUG [JSSE14Support] Reading for try #16
16:26:31,483 DEBUG [JSSE14Support] Reading for try #17
16:26:31,483 DEBUG [JSSE14Support] Reading for try #18
16:26:31,483 DEBUG [JSSE14Support] Reading for try #19
16:26:31,483 DEBUG [JSSE14Support] Reading for try #20
16:26:31,483 DEBUG [JSSE14Support] Reading for try #21
16:26:31,483 DEBUG [ThreadPool] Getting new thread data
16:26:31,483 DEBUG [JSSE14Support] Reading for try #22
16:26:31,483 DEBUG [JSSE14Support] Reading for try #23
16:26:31,483 DEBUG [JSSE14Support] Reading for try #24
16:26:31,483 DEBUG [JSSE14Support] Reading for try #25
16:26:31,483 DEBUG [JSSE14Support] Reading for try #26
16:26:31,483 DEBUG [JSSE14Support] Reading for try #27
16:26:31,483 DEBUG [JSSE14Support] Reading for try #28
16:26:31,483 DEBUG [JSSE14Support] Reading for try #29
16:26:31,483 DEBUG [JSSE14Support] Reading for try #30
16:26:31,493 DEBUG [JSSE14Support] Reading for try #31
16:26:31,493 DEBUG [JSSE14Support] Reading for try #32
16:26:31,493 DEBUG [JSSE14Support] Reading for try #33
16:26:31,513 DEBUG [JSSE14Support] Reading for try #34
16:26:31,513 DEBUG [JSSE14Support] Reading for try #35
16:26:31,513 DEBUG [JSSE14Support] Reading for try #36
16:26:31,513 DEBUG [JSSE14Support] Reading for try #37
16:26:31,513 DEBUG [JSSE14Support] Reading for try #38
16:26:31,513 DEBUG [JSSE14Support] Reading for try #39
16:26:31,513 DEBUG [JSSE14Support] Reading for try #40
16:26:31,513 DEBUG [JSSE14Support] Reading for try #41
16:26:31,513 DEBUG [JSSE14Support] Reading for try #42
16:26:31,523 DEBUG [JSSE14Support] Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)
at org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:166)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:954)
at org.apache.coyote.Response.action(Response.java:226)
at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:303)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:195)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
at java.lang.Thread.run(Thread.java:534)
16:26:31,523 DEBUG [JSSE14Support] Reading for try #0
16:26:31,523 DEBUG [JSSE14Support] Reading for try #43
16:26:31,523 DEBUG [JSSE14Support] Reading for try #44
16:26:31,523 DEBUG [JSSE14Support] Reading for try #45
16:26:31,523 DEBUG [JSSE14Support] Reading for try #46
16:26:31,523 DEBUG [JSSE14Support] Reading for try #47
16:26:31,523 DEBUG [JSSE14Support] Reading for try #48
16:26:31,523 DEBUG [JSSE14Support] Reading for try #49
16:26:31,523 DEBUG [JSSE14Support] Reading for try #50
16:26:31,523 DEBUG [JSSE14Support] Reading for try #51
16:26:31,523 DEBUG [JSSE14Support] Reading for try #52
16:26:31,523 DEBUG [JSSE14Support] Reading for try #53
16:26:31,523 DEBUG [JSSE14Support] Reading for try #54
16:26:31,523 INFO [JSSE14Support] SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at java.io.InputStream.read(InputStream.java:89)
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
at org.apache.coyote.Request.action(Request.java:393)
at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
at java.lang.Thread.run(Thread.java:534)
16:26:31,543 WARN [Http11Processor] Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at java.io.InputStream.read(InputStream.java:89)
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
at org.apache.coyote.Request.action(Request.java:393)
at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
at java.lang.Thread.run(Thread.java:534)
16:26:31,553 DEBUG [Http11Protocol] IOException reading request
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.available(DashoA6275)
at org.apache.tomcat.util.net.TcpConnection.shutdownInput(TcpConnection.java:137)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:563)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
at java.lang.Thread.run(Thread.java:534)
Caused by: javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at java.io.InputStream.read(InputStream.java:89)
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
at org.apache.coyote.Request.action(Request.java:393)
at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
... 3 more
16:26:31,553 DEBUG [JSSE14Support] Reading for try #55
16:26:31,553 DEBUG [JSSE14Support] Reading for try #56
16:26:31,553 DEBUG [JSSE14Support] Reading for try #57
16:26:31,553 DEBUG [JSSE14Support] Reading for try #58
16:26:31,553 DEBUG [JSSE14Support] Reading for try #59
16:26:31,553 WARN [Http11Processor] Exception getting SSL Cert
java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:177)
at java.net.Socket.setSoTimeout(Socket.java:924)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(DashoA6275)
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:137)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
at org.apache.coyote.Request.action(Request.java:393)
at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
at java.lang.Thread.run(Thread.java:534)
I hope to get a nice popup in my Internet Explorer asking me for a Certificate to present to the server.
And where should I actually put the client certificates on the server, so it can verify against them?
Hope somebody can help me. Already surfing/reading/code sniffing for 2 days.
Thx, Markus
PS: Tomcat documentation for CLIENT-CERT is non-existent :-(
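An added triage example, not part of the original post: this Python script groups log4j-style entries like the ones above with their exceptions and stack frames, then labels each TLS failure. The sample log is excerpted from the post with stack traces shortened; the cause labels and the reading of the `JSSE14Support.handShake` and `SSLAuthenticator.authenticate` frames are this example's interpretation of standard JSSE behaviour, not statements from the post.

```python
import re
from collections import namedtuple

# Excerpt of the log in the post; stack traces shortened for the example.
SAMPLE_LOG = """\
16:01:19,399 DEBUG [JSSE14Support] Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
16:26:31,513 DEBUG [JSSE14Support] Reading for try #42
16:26:31,523 DEBUG [JSSE14Support] Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)
at org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)
16:26:31,523 INFO [JSSE14Support] SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
16:26:31,553 WARN [Http11Processor] Exception getting SSL Cert
java.net.SocketException: Socket Closed
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
"""

# Entry header as it appears in the post: "16:26:31,523 DEBUG [JSSE14Support] message"
HEADER = re.compile(r"^(\d\d:\d\d:\d\d,\d{3})\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")
EXC = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error)): (.*)$")

# (exception class suffix, message fragment, label). The labels are assumptions
# of this example, based on general JSSE/TLS semantics.
CAUSES = [
    ("SSLPeerUnverifiedException", "peer not authenticated", "no-client-cert-in-session"),
    ("SSLProtocolException", "no_certificate", "client-declined-cert-request"),
    ("SocketException", "Socket Closed", "follow-on-socket-closed"),
]

Finding = namedtuple("Finding", "time logger exception cause forced_handshake by_authenticator")

def parse_events(text):
    """Attach exception lines and 'at ...' frames to the header line above them."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        exc = EXC.match(line)
        if header:
            events.append({"time": header.group(1), "logger": header.group(3),
                           "exc": [], "frames": []})
        elif events and line.startswith("at "):
            events[-1]["frames"].append(line[3:])
        elif events and exc:
            events[-1]["exc"].append(exc.groups())
    return events

def triage(text):
    """Return one Finding per log entry that carries an exception."""
    findings = []
    for ev in parse_events(text):
        if not ev["exc"]:
            continue  # plain DEBUG noise such as "Reading for try #N"
        name, msg = ev["exc"][-1]  # innermost exception: the last "Caused by", if any
        cause = next((label for cls, needle, label in CAUSES
                      if name.endswith(cls) and needle in msg), "unclassified")
        findings.append(Finding(
            ev["time"], ev["logger"], name.rsplit(".", 1)[-1], cause,
            # handShake frame: the connector started a new handshake to ask for a cert
            any("JSSE14Support.handShake" in f for f in ev["frames"]),
            # authenticate frame: that handshake was triggered by CLIENT-CERT auth
            any("SSLAuthenticator.authenticate" in f for f in ev["frames"])))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
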