Comments on: Configuring Tomcat SSL Client/Server Authentication http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/ Winning At Yelling Mon, 26 Jul 2010 21:32:44 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: Matabares http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-542 Matabares Tue, 30 Mar 2010 22:27:29 +0000 http://www.maximporges.com/?p=415#comment-542 Thanks!!!!!! Excellent Post. Works for me. Thanks!!!!!! Excellent Post. Works for me.

]]> By: Maxim Porges http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-468 Maxim Porges Sun, 03 Jan 2010 05:50:04 +0000 http://www.maximporges.com/?p=415#comment-468 Pankil, Here are the answers to your questions to the best of my ability. ===> how the server sends the client certificate to client side? The server doesn't send the client certificate to the client side. When you configure a truststore, the Tomcat server expects the client to send a certificate to the server. You may get prompted for a client certificate explicitly, or the server may just respond with an error indicating that a certificate was not sent. To configure a client to send a certificate, you have to follow specific instructions depending on the browser (or other user agent) you are using. There are a few examples at this URL - just Google for "client certificate installation in [browser name]" if you need help. http://web.asu.edu/community/installing-client-certificate-windows-machine Pankil,

Here are the answers to your questions to the best of my ability.

===> how the server sends the client certificate to client side?
The server doesn’t send the client certificate to the client side. When you configure a truststore, the Tomcat server expects the client to send a certificate to the server. You may get prompted for a client certificate explicitly, or the server may just respond with an error indicating that a certificate was not sent.

To configure a client to send a certificate, you have to follow specific instructions depending on the browser (or other user agent) you are using. There are a few examples at this URL – just Google for “client certificate installation in [browser name]” if you need help.

http://web.asu.edu/community/installing-client-certificate-windows-machine

]]> By: Maxim Porges http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-467 Maxim Porges Sun, 03 Jan 2010 05:45:11 +0000 http://www.maximporges.com/?p=415#comment-467 Thanks Peter, glad you liked it. To your point, I expect that both the truststore and keystore must be present to enable the appropriate SSL handshaking to take place. I've only ever configured keystore by itself (for server-only auth for SSL connections) and both truststore and keystore (for client/server auth) - never truststore only. Thanks Peter, glad you liked it.

To your point, I expect that both the truststore and keystore must be present to enable the appropriate SSL handshaking to take place. I’ve only ever configured keystore by itself (for server-only auth for SSL connections) and both truststore and keystore (for client/server auth) – never truststore only.

]]> By: Peter Mularien http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-466 Peter Mularien Sat, 02 Jan 2010 21:56:17 +0000 http://www.maximporges.com/?p=415#comment-466 Thank you for the great tutorial - it's the best write-up of an often confused topic I've seen online. One thing that you may want to note is that it is mandatory to configure both the truststore and the keystore, otherwise Tomcat will not consider a certificate, even if everything is otherwise correctly configured. Thank you for the great tutorial – it’s the best write-up of an often confused topic I’ve seen online. One thing that you may want to note is that it is mandatory to configure both the truststore and the keystore, otherwise Tomcat will not consider a certificate, even if everything is otherwise correctly configured.

]]> By: Pankil http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-458 Pankil Fri, 18 Dec 2009 11:02:14 +0000 http://www.maximporges.com/?p=415#comment-458 good post, thanx but when client requests server page, at that time when client trust servers certificate, server certificate installed on client side.....its happening in my pcs... please give me some help thnax in advance good post,
thanx but when client requests server page, at that time when client trust servers certificate, server certificate installed on client side…..its happening in my pcs…

please give me some help

thnax in advance

]]> By: Pankil http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-457 Pankil Fri, 18 Dec 2009 10:57:41 +0000 http://www.maximporges.com/?p=415#comment-457 very good post, i really like it... but i have a question... how the server sends the client certificate to client side? can u reply in java code, thanx in advance very good post, i really like it… but i have a question…

how the server sends the client certificate to client side?

can u reply in java code, thanx in advance

]]>