Comments on: Configuring Tomcat SSL Client/Server Authentication http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/ Winning At Yelling Wed, 09 Nov 2011 16:13:16 -0800 http://wordpress.org/?v=2.8.4 hourly 1 By: Maxim Porges http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-836 Maxim Porges Mon, 05 Sep 2011 18:34:08 +0000 http://www.maximporges.com/?p=415#comment-836 I don't see any reason why what you are saying couldn't be accomplished with the contents of this article. All you need to do is send the certificate to the client, make sure it's installed in the server, and the configuration as described will work. I don’t see any reason why what you are saying couldn’t be accomplished with the contents of this article. All you need to do is send the certificate to the client, make sure it’s installed in the server, and the configuration as described will work.

]]> By: Bibekananda Mishra http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-835 Bibekananda Mishra Sun, 04 Sep 2011 06:00:29 +0000 http://www.maximporges.com/?p=415#comment-835 Hi, Thanks for your article.It really help me a lot. It would be better if you can reply to my quires. My requirement is : A client can access server resource if the certificate is installed in client trust stores. But this certificate has to be provided by the server to client explicitly .I mean by mail or any other medium. I want the server resource can be accessed to whom with i hv shared the certificate. Hi,
Thanks for your article.It really help me a lot. It would be better if you can reply to my quires.

My requirement is : A client can access server resource if the certificate is installed in client trust stores. But this certificate has to be provided by the server to client explicitly .I mean by mail or any other medium.

I want the server resource can be accessed to whom with i hv shared the certificate.

]]> By: Denise Blair http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-824 Denise Blair Thu, 11 Aug 2011 10:38:05 +0000 http://www.maximporges.com/?p=415#comment-824 Very useful, thank you Maxim. Very useful, thank you Maxim.

]]> By: Sri http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-814 Sri Fri, 10 Jun 2011 15:34:04 +0000 http://www.maximporges.com/?p=415#comment-814 The sample used old httpclient library 3.1 and does not work with current library. Related library that can be downloaded from archives at: http://archive.apache.org/dist/httpcomponents/commons-httpclient/binary/?C=M;O=D The sample used old httpclient library 3.1 and does not work with current library. Related library that can be downloaded from archives at:
http://archive.apache.org/dist/httpcomponents/commons-httpclient/binary/?C=M;O=D

]]> By: horrabin http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-806 horrabin Fri, 20 May 2011 09:20:21 +0000 http://www.maximporges.com/?p=415#comment-806 Excellent article. Clear and easy to understand. Works perfectly for me too. Thanks! Excellent article. Clear and easy to understand. Works perfectly for me too.

Thanks!

]]> By: Matabares http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-542 Matabares Tue, 30 Mar 2010 22:27:29 +0000 http://www.maximporges.com/?p=415#comment-542 Thanks!!!!!! Excellent Post. Works for me. Thanks!!!!!! Excellent Post. Works for me.

]]> By: Maxim Porges http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-468 Maxim Porges Sun, 03 Jan 2010 05:50:04 +0000 http://www.maximporges.com/?p=415#comment-468 Pankil, Here are the answers to your questions to the best of my ability. ===> how the server sends the client certificate to client side? The server doesn't send the client certificate to the client side. When you configure a truststore, the Tomcat server expects the client to send a certificate to the server. You may get prompted for a client certificate explicitly, or the server may just respond with an error indicating that a certificate was not sent. To configure a client to send a certificate, you have to follow specific instructions depending on the browser (or other user agent) you are using. There are a few examples at this URL - just Google for "client certificate installation in [browser name]" if you need help. http://web.asu.edu/community/installing-client-certificate-windows-machine Pankil,

Here are the answers to your questions to the best of my ability.

===> how the server sends the client certificate to client side?
The server doesn’t send the client certificate to the client side. When you configure a truststore, the Tomcat server expects the client to send a certificate to the server. You may get prompted for a client certificate explicitly, or the server may just respond with an error indicating that a certificate was not sent.

To configure a client to send a certificate, you have to follow specific instructions depending on the browser (or other user agent) you are using. There are a few examples at this URL – just Google for “client certificate installation in [browser name]” if you need help.

http://web.asu.edu/community/installing-client-certificate-windows-machine

]]> By: Maxim Porges http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-467 Maxim Porges Sun, 03 Jan 2010 05:45:11 +0000 http://www.maximporges.com/?p=415#comment-467 Thanks Peter, glad you liked it. To your point, I expect that both the truststore and keystore must be present to enable the appropriate SSL handshaking to take place. I've only ever configured keystore by itself (for server-only auth for SSL connections) and both truststore and keystore (for client/server auth) - never truststore only. Thanks Peter, glad you liked it.

To your point, I expect that both the truststore and keystore must be present to enable the appropriate SSL handshaking to take place. I’ve only ever configured keystore by itself (for server-only auth for SSL connections) and both truststore and keystore (for client/server auth) – never truststore only.

]]> By: Peter Mularien http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-466 Peter Mularien Sat, 02 Jan 2010 21:56:17 +0000 http://www.maximporges.com/?p=415#comment-466 Thank you for the great tutorial - it's the best write-up of an often confused topic I've seen online. One thing that you may want to note is that it is mandatory to configure both the truststore and the keystore, otherwise Tomcat will not consider a certificate, even if everything is otherwise correctly configured. Thank you for the great tutorial – it’s the best write-up of an often confused topic I’ve seen online. One thing that you may want to note is that it is mandatory to configure both the truststore and the keystore, otherwise Tomcat will not consider a certificate, even if everything is otherwise correctly configured.

]]> By: Pankil http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/comment-page-1/#comment-458 Pankil Fri, 18 Dec 2009 11:02:14 +0000 http://www.maximporges.com/?p=415#comment-458 good post, thanx but when client requests server page, at that time when client trust servers certificate, server certificate installed on client side.....its happening in my pcs... please give me some help thnax in advance good post,
thanx but when client requests server page, at that time when client trust servers certificate, server certificate installed on client side…..its happening in my pcs…

please give me some help

thnax in advance

]]>