Hello dear Tomcat Users and Developers,

I want my Tomcat to use client authentication to check the access of different users. I created all certs (HTTPS works), but if I connect with a client and send my client cert I always get a 403 error. I don't think it's a problem of the certificates but of the configuration of Tomcat. This is the config for the client auth in the web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>PartNos</web-resource-name>
    <url-pattern>/TNR/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<security-role>
  <role-name>secureconn</role-name>
</security-role>
<security-role>
  <role-name>admin</role-name>
</security-role>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>PartNoSecure</web-resource-name>
    <url-pattern>/TNR/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>secureconn</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

And this is my tomcat-users.xml ("Maximilian Schmidt" is the CN of my client certificate):

<role rolename="admin"/>
<role rolename="secureconn"/>
<user username="Maximilian Schmidt" password="123456789" roles="secureconn, admin"/>

And finally the server.xml Connector:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
           keystoreFile="C:\Users\mschm223\Documents\My-PKI\keystore\keystore.jks"
           keystorePass="123456" keyAlias="server_cert_req"
           clientAuth="true" sslProtocol="TLS"
           truststoreFile="C:\Users\mschm223\Documents\My-PKI\keystore\truststore.jks"
           truststorePass="123456"/>

I looked into the log files but there are no errors. I am using Tomcat 6.0.36 and Windows 7.

Thank you very much for your help.

Sincerely,
Maximilian Schmidt
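The username lookup that Tomcat performs for CLIENT-CERT authentication, as an added example that is not part of the original post and not Tomcat's own code. It relies on one documented fact: Tomcat hands the realm the client certificate's Subject DN as Java's X509Certificate.getSubjectDN().getName() renders it (RDNs most-specific-first, "CN=..." first, joined with ", ") and looks that exact string up as a <user username="..."> entry, so a tomcat-users.xml entry can be checked against a certificate before deploying. Assumptions: the subject line comes from `openssl x509 -noout -subject`, either in the slash-separated form or with -nameopt RFC2253; attribute values contain no escaped characters, quotes or multi-valued RDNs. SAMPLE_SUBJECT_* and both tomcat-users.xml fragments are constructed for this example (the poster's real certificate DN is not known; only the CN is taken from the post).

```python
# Added example (not from the original post or from Tomcat): reproduce the
# username lookup Tomcat performs for CLIENT-CERT authentication so that a
# tomcat-users.xml entry can be checked against a client certificate offline.
#
# Fact relied on: Tomcat passes the realm the certificate's Subject DN in the
# form Java's X509Certificate.getSubjectDN().getName() produces, i.e. RDNs in
# most-specific-first order ("CN=..." first) separated by ", ", and matches it
# exactly against <user username="...">.
#
# Assumptions: the subject line is what `openssl x509 -noout -subject` prints,
# either slash-separated ("/C=DE/O=.../CN=...", encoded order, C first) or
# with -nameopt RFC2253 ("CN=...,O=...,C=DE"); attribute values contain no
# escaped characters, quotes or multi-valued RDNs (Java would quote those).
import re
import xml.etree.ElementTree as ET

# Constructed sample subject lines; the real DN of the poster's cert is unknown.
SAMPLE_SUBJECT_SLASH = "subject= /C=DE/O=My-PKI/OU=Users/CN=Maximilian Schmidt"
SAMPLE_SUBJECT_RFC2253 = "subject=CN=Maximilian Schmidt,OU=Users,O=My-PKI,C=DE"

# Constructed tomcat-users.xml fragments: the entry as posted (CN only), and the
# same entry keyed by the full DN string Tomcat actually looks up.
USERS_XML_AS_POSTED = """<tomcat-users>
  <role rolename="admin"/>
  <role rolename="secureconn"/>
  <user username="Maximilian Schmidt" password="123456789" roles="secureconn, admin"/>
</tomcat-users>"""

USERS_XML_FULL_DN = """<tomcat-users>
  <role rolename="admin"/>
  <role rolename="secureconn"/>
  <user username="CN=Maximilian Schmidt, OU=Users, O=My-PKI, C=DE" roles="secureconn, admin"/>
</tomcat-users>"""


def openssl_subject_to_java_dn(subject_line):
    """Turn an openssl -subject line into the string Tomcat uses as the username."""
    body = subject_line.split("=", 1)[1] if subject_line.startswith("subject") else subject_line
    body = body.strip()
    if body.startswith("/"):
        # Slash form lists RDNs in encoded order (C first); Java prints them reversed.
        rdns = [p.strip() for p in body.split("/") if p.strip()]
        rdns.reverse()
    else:
        # RFC2253 form is already most-specific-first; only the separator differs.
        rdns = [p.strip() for p in re.split(r"(?<!\\),", body) if p.strip()]
    normalized = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError("malformed RDN %r in %r" % (rdn, subject_line))
        attr_type, value = rdn.split("=", 1)
        normalized.append(attr_type.strip() + "=" + value.strip())  # Java: no spaces around '='
    return ", ".join(normalized)


def tomcat_users_lookup(tomcat_users_xml, username):
    """Exact <user username=...> match as Tomcat's memory user database does.
    Returns the role set, or None when nothing matches (then CLIENT-CERT auth fails)."""
    root = ET.fromstring(tomcat_users_xml)
    for user in root.iter("user"):
        if user.get("username") == username:
            # The roles attribute is split on commas with whitespace trimmed.
            return {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
    return None


def roles_for_client_cert(tomcat_users_xml, subject_line):
    """Roles the realm would grant to a client presenting this certificate subject."""
    return tomcat_users_lookup(tomcat_users_xml, openssl_subject_to_java_dn(subject_line))


if __name__ == "__main__":
    dn = openssl_subject_to_java_dn(SAMPLE_SUBJECT_SLASH)
    print("username Tomcat looks up:", dn)
    print("entry as posted ->", roles_for_client_cert(USERS_XML_AS_POSTED, SAMPLE_SUBJECT_SLASH))
    print("entry by full DN ->", roles_for_client_cert(USERS_XML_FULL_DN, SAMPLE_SUBJECT_SLASH))
```

To check a real certificate, paste the output of `openssl x509 -in client.crt -noout -subject` (on OpenSSL 1.1.1 and later add `-nameopt RFC2253`, since the default output format there differs from both forms handled above) into `openssl_subject_to_java_dn` and compare the result character for character with the `username` attribute in tomcat-users.xml.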