Re: Export CACertificate to Tomcat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Export CACertificate to Tomcat
From: Tina Exner <texner@xxxxxxxxxxxxxx>
Date: Thu, 5 Aug 2010 12:19:52 +0200
In-reply-to: <4C56D6BD.2040009@xxxxxxxxxxxxxx>
Organization: picturesafe /media/data/bank GmbH
Reply-to: users@xxxxxxxxxxxxxxxx
Reply-to: "Exner, Tina" <texner@xxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.11) Gecko/20100711 Lightning/1.0b1 Thunderbird/3.0.6

did nobody know a solution for this problem?

hi all,

we have a nexus multiid server for certificate authentication.
i try to pass the client smartcard certificates from apache to tomcat server.
the tomcat talks to the nexus and the authentication take effect.

when i try to export the client ca certificate to the tomcat server
i get the following errors:

[Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error (20): unable to get local issuer certificate
[Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed: Not accepted by client!?

@Firefox:
(Fehlercode: ssl_error_unknown_ca_alert)

this is my ssl configuration:

<IfModule ssl_module>
          SSLVerifyClient none
          SSLVerifyDepth 5

          #SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
          SSLOptions +ExportCertData

          #SSLCACertificateFile conf/ssl/Certificate.cer

      </IfModule>

       <Location /nexus>
                SSLVerifyClient         require
                SSLVerifyDepth          5

                #SSLCACertificateFile    /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt
                #SSLOptions             +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
                SSLOptions              +ExportCertData +StdEnvVars
                #SSLRequireSSL
       </Location>

my jk.conf:

JkExtractSSL          On
JkHTTPSIndicator      HTTPS
JkSESSIONIndicator    SSL_SESSION_ID
JkCIPHERIndicator     SSL_CIPHER
JkCERTSIndicator      SSL_CLIENT_CERT
JkEnvVar              SSL_CLIENT_CERT SSL_CLIENT_CERT
JkOptions             +ForwardSSLCertChain

i use apache 2.2.13-3 and openssl 0.9.8a.

Any hints on what might have gone wrong will be highly useful.

regards
Tin

References:
- Export CACertificate to Tomcat
  - From: Tina Exner

Prev by Date: strange behaviour: SSLCACertificatePath and SSLCACertificateFile not giving the same result?
Next by Date: Re: strange behaviour: SSLCACertificatePath and SSLCACertificateFile not giving the same result?
Previous by thread: Export CACertificate to Tomcat
Next by thread: Re: Export CACertificate to Tomcat
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]