0 Replies Latest reply on Feb 13, 2004 9:51 AM by Markus Cozowicz

    Client Authentication Certificate based / SSL / JBoss 3.2.3

    Markus Cozowicz Newbie

      I am trying to enable Client Authentication with Client Certificates on JBoss 3.2.3 / Tomcat 4.1.29 / Windows XP.

      To give you a whole picture of the task:

      I have to enable FormBased/BasicAuth. and Authentication using Client Certificates for 1 WebApplication. I already got around the <login-config> problem (you can only specify 1 method) by utilizing Single Sign On.
      Form Based and Basic Auth. already work perfectly. Client Certificate based authentication doesn't work for me.

      SSL is working for me.

      I generated my keys with

      if not "%JAVA_HOME%" == "" goto gotJavaHome
      echo You must set JAVA_HOME to point at your Java Development Kit installation
      goto cleanup
      :gotJavaHome

      echo Generating the Server KeyStore in file server.keystore
      %java_home%\bin\keytool -genkey -alias tomcat-sv -dname "CN=localhost, OU=SailLabs, L=at, S=Markus Cozowicz, C=YZ" -validity 30 -keyalg RSA -keypass markus -storepass markus -keystore server.keystore

      echo Exporting the certificate from keystore to an external file server.cer
      %java_home%\bin\keytool -export -alias tomcat-sv -storepass markus -file server.cer -keystore server.keystore

      echo Generating the Client KeyStore in file client.keystore
      %java_home%\bin\keytool -genkey -alias tomcat-cl -dname "CN=admin, OU=SailLabs, L=at, S=Markus Cozowicz, C=YZ" -validity 30 -keyalg RSA -keypass markus -storepass markus -keystore client.keystore

      echo Exporting the certificate from keystore to external file client.cer
      %java_home%\bin\keytool -export -alias tomcat-cl -storepass markus -file client.cer -keystore client.keystore

      echo Importing Server's certificate into Client's keystore
      %java_home%\bin\keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass markus -storepass markus

      echo Importing Client's certificate into Server's keystore
      %java_home%\bin\keytool -import -v -trustcacerts -alias tomcat -file client.cer -keystore server.keystore -keypass markus -storepass markus

      :cleanup

      I fixed my puretls error msg problem with

      SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"
      in jboss-service.xml for tomcat41 under
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" ...

      Because the puretls classes require openssl and seemed pretty old (but I managed to get all the classes/jars, post here to get the jars if needed, took me quite a while).

      Because of

      clientAuth="false"

      I get

      16:01:19,399 DEBUG [JSSE14Support] Error getting client certs
      javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

      I actually just want to enable Client based Certification for 1 Web Application using CLIENT-CERT, so I actually want clientAuth="false".

      Setting it to true removes the error, but stops all other Web Applications from working.

      Trying to access my CLIENT-CERT protected area, I get:

      16:26:31,473 DEBUG [JSSE14Support] Reading for try #0
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #1
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #2
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #3
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #4
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #5
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #6
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #7
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #8
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #9
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #10
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #11
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #12
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #13
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #14
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #15
      16:26:31,473 DEBUG [JSSE14Support] Reading for try #16
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #17
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #18
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #19
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #20
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #21
      16:26:31,483 DEBUG [ThreadPool] Getting new thread data
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #22
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #23
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #24
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #25
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #26
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #27
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #28
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #29
      16:26:31,483 DEBUG [JSSE14Support] Reading for try #30
      16:26:31,493 DEBUG [JSSE14Support] Reading for try #31
      16:26:31,493 DEBUG [JSSE14Support] Reading for try #32
      16:26:31,493 DEBUG [JSSE14Support] Reading for try #33
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #34
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #35
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #36
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #37
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #38
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #39
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #40
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #41
      16:26:31,513 DEBUG [JSSE14Support] Reading for try #42
      16:26:31,523 DEBUG [JSSE14Support] Error getting client certs
      javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
      at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)
      at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:166)
      at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:954)
      at org.apache.coyote.Response.action(Response.java:226)
      at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:303)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:195)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
      at java.lang.Thread.run(Thread.java:534)
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #0
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #43
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #44
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #45
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #46
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #47
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #48
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #49
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #50
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #51
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #52
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #53
      16:26:31,523 DEBUG [JSSE14Support] Reading for try #54
      16:26:31,523 INFO [JSSE14Support] SSL Error getting client Certs
      javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
      at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
      at java.io.InputStream.read(InputStream.java:89)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
      at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
      at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
      at org.apache.coyote.Request.action(Request.java:393)
      at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
      at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
      at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
      at java.lang.Thread.run(Thread.java:534)
      16:26:31,543 WARN [Http11Processor] Exception getting SSL Cert
      javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
      at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
      at java.io.InputStream.read(InputStream.java:89)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
      at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
      at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
      at org.apache.coyote.Request.action(Request.java:393)
      at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
      at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
      at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
      at java.lang.Thread.run(Thread.java:534)
      16:26:31,553 DEBUG [Http11Protocol] IOException reading request
      javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppInputStream.available(DashoA6275)
      at org.apache.tomcat.util.net.TcpConnection.shutdownInput(TcpConnection.java:137)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:563)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
      at java.lang.Thread.run(Thread.java:534)
      Caused by: javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
      at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
      at java.io.InputStream.read(InputStream.java:89)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
      at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
      at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
      at org.apache.coyote.Request.action(Request.java:393)
      at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
      at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
      at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
      ... 3 more
      16:26:31,553 DEBUG [JSSE14Support] Reading for try #55
      16:26:31,553 DEBUG [JSSE14Support] Reading for try #56
      16:26:31,553 DEBUG [JSSE14Support] Reading for try #57
      16:26:31,553 DEBUG [JSSE14Support] Reading for try #58
      16:26:31,553 DEBUG [JSSE14Support] Reading for try #59
      16:26:31,553 WARN [Http11Processor] Exception getting SSL Cert
      java.net.SocketException: Socket Closed
      at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:177)
      at java.net.Socket.setSoTimeout(Socket.java:924)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(DashoA6275)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:137)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
      at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
      at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1010)
      at org.apache.coyote.Request.action(Request.java:393)
      at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:793)
      at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:137)
      at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.tc4.authenticator.SingleSignOn.invoke(SingleSignOn.java:409)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
      at java.lang.Thread.run(Thread.java:534)


      I hope to get a nice popup in my Internet Explorer asking me for a Certificate to present to the server.
      And where should I actually put the client certificates on the server, so it can verify against them?

      Hope somebody can help me. I have already been surfing/reading/code sniffing for 2 days.

      Thx, Markus

      PS: Tomcat documentation for CLIENT-CERT is non-existent :-(
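
A log-triage sketch for the trace in the post above, added as an example (it is not part of the original post and is not JBoss or Tomcat code). It collapses the "Reading for try #N" noise and groups the distinct SSL failures by which component asked for the certificate and whether a new handshake was attempted; the names triage, MEANING and REQUESTERS and the trimmed SAMPLE_LOG are assumptions made for the example.

```python
import re

# Trimmed excerpt of the log posted above (stack traces cut to the relevant frames).
SAMPLE_LOG = """\
16:26:31,473 DEBUG [JSSE14Support] Reading for try #0
16:26:31,473 DEBUG [JSSE14Support] Reading for try #1
16:26:31,523 DEBUG [JSSE14Support] Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)
at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:303)
16:26:31,523 DEBUG [JSSE14Support] Reading for try #43
16:26:31,523 INFO [JSSE14Support] SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
16:26:31,543 WARN [Http11Processor] Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
16:26:31,553 WARN [Http11Processor] Exception getting SSL Cert
java.net.SocketException: Socket Closed
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:137)
at org.jboss.web.tomcat.tc4.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:220)
"""

EVENT = re.compile(r"^(\d\d:\d\d:\d\d,\d{3})\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")
EXC = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error)):\s*(.*)$")
FRAME = re.compile(r"^at\s+([\w.$]+)\(")
NOISE = re.compile(r"Reading for try #\d+$")

# General SSL/JSSE meaning of each message (editorial gloss, not taken from the post).
MEANING = {
    "peer not authenticated": "the SSL session holds no client certificate",
    "handshake alert: no_certificate":
        "the client answered the server's certificate request with a no_certificate alert",
    "Socket Closed": "the connection was already closed when another handshake was attempted",
}
# Frames that identify which component asked for the client certificate.
REQUESTERS = ("SSLAuthenticator.authenticate", "CoyoteAdapter.postParseRequest")


def triage(log_text):
    """Collapse handshake-loop noise and group the distinct SSL failures."""
    noise, findings, current = 0, {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        event = EVENT.match(line)
        if event:
            # A new log record starts; noise records never own a stack trace.
            is_noise = bool(NOISE.search(event.group(4)))
            noise += is_noise
            current = None if is_noise else {"time": event.group(1)}
            continue
        if current is None:
            continue
        exc, frame = EXC.match(line), FRAME.match(line)
        if exc and "key" not in current:
            key = current["key"] = (exc.group(1), exc.group(2))
            entry = findings.setdefault(key, {
                "exception": key[0], "message": key[1],
                "first_seen": current["time"], "count": 0,
                "requested_by": None, "rehandshake": False,
                "meaning": MEANING.get(key[1], "unknown"),
            })
            entry["count"] += 1
        elif frame and "key" in current:
            entry, method = findings[current["key"]], frame.group(1)
            if method.lower().endswith("handshake"):
                entry["rehandshake"] = True  # trace passes through a handshake call
            for name in REQUESTERS:
                if method.endswith(name) and entry["requested_by"] is None:
                    entry["requested_by"] = name
    return {"noise_lines": noise, "findings": list(findings.values())}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("noise lines collapsed:", report["noise_lines"])
    for f in report["findings"]:
        print(f["first_seen"], f["count"], f["exception"], "|", f["message"],
              "| requested by", f["requested_by"], "| rehandshake:", f["rehandshake"])
```

On the excerpt this separates the connector's read of a certificate-less session from the failure that matters for CLIENT-CERT: the authenticator forces a new handshake and the browser replies that it has no certificate to offer.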