1. Re: Problems with clientAuth=
dejanmr Dec 3, 2008 12:12 PM (in response to dejanmr)
Problem solved, truststoreFile was not set up properly.

2. Re: Problems with clientAuth=
walterpa Sep 10, 2009 3:15 PM (in response to dejanmr)
I get the same error using FireFox. What should the trust file look like?
I removed the certificate, then accessed the https url and accepted the exception (created the new certificate). BUT I still get the same error message using FireFox.
thanks

3. Re: Problems with clientAuth=
dejanmr Sep 11, 2009 5:45 AM (in response to dejanmr)
I can not recall the exact details, but the problem was with the trust store setup.
This is a keystore with trusted certificates (describing which certificate authorities should be trusted) which is set up on the server side, on JBoss. There are a number of ways you can set up trust stores on JBoss, check some manuals. This link might help, although it is old:
http://www.jboss.org/community/wiki/SSLSetup

4. Re: Problems with clientAuth="true"
mnccouk Oct 4, 2010 4:55 AM (in response to dejanmr)
I had the same problem. You need to make sure you have the CA certificate in your cacerts ($JAVA_HOME/jre/lib/security/cacerts) (server side). This is the CA that signed the client certificate that's being issued to your server.
If the client certificate was signed by a reputable CA (THAWTE, VeriSign) you will probably have this CA already installed in your cacerts truststore. If you signed the certificate yourself you need to make sure the certificate you are presenting to the server is trusted, that's why you need to add your CA to the cacerts truststore.
NOTE: on Tomcat 6 I set up the SSL connector in server.xml to define the location and password of the trustStore, for some reason Tomcat did not use these settings.
NOTE: if running Tomcat from Eclipse in a dev environment make sure you know the JDK Tomcat is using to run with. This will affect your cacerts location.
These two notes and sketchy knowledge of how certificates work cost me hours.
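
The replies above all come down to one condition: the server-side truststore must contain the CA that signed the client certificate. The script below is an added example, not code from any poster, that checks that condition with `keytool` and `openssl`; the CA names, file names and the `changeit` store password are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: every CA, client and file name here is constructed for the demo.

# Import a CA certificate into a Java truststore (created if it does not exist).
# $1 = truststore, $2 = store password, $3 = alias, $4 = CA certificate (PEM)
trust_ca() {
  keytool -importcert -noprompt -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# Dump every entry of a truststore as one PEM bundle. $1 = truststore, $2 = password, $3 = output
truststore_to_pem() {
  keytool -list -rfc -keystore "$1" -storepass "$2" > "$3"
}

# Succeed only if the client certificate chains to a CA in the PEM bundle.
# -no-CApath (OpenSSL 1.1.0+) keeps the system CA directory out of the check.
client_trusted() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build two throwaway CAs and a client certificate signed by the "signing" one.
make_test_pki() {
  local d="$1" ca
  for ca in signing unrelated; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca test CA" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/client.csr" -CA "$d/signing.pem" -CAkey "$d/signing.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
}

# Round trip through a real truststore; needs keytool from the JDK the server runs on.
demo() {
  local d; d=$(mktemp -d) || return 1
  make_test_pki "$d" || return 1
  trust_ca "$d/trust.jks" changeit unrelated "$d/unrelated.pem" || return 1
  truststore_to_pem "$d/trust.jks" changeit "$d/bundle.pem"
  client_trusted "$d/bundle.pem" "$d/client.pem" || echo "rejected: signing CA not in truststore"
  trust_ca "$d/trust.jks" changeit signing "$d/signing.pem" || return 1
  truststore_to_pem "$d/trust.jks" changeit "$d/bundle.pem"
  client_trusted "$d/bundle.pem" "$d/client.pem" && echo "accepted: signing CA now trusted"
  rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` for the full round trip. To diagnose a real server, point `truststore_to_pem` at the truststore of the JDK that actually launches it and pass the resulting bundle and the client certificate to `client_trusted`.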