"Christopher Schultz" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chandra, > > Chandra Madhumanchi (cmadhuma) wrote: >> Do we have any solution ssl 2 way configuration on tamcat webserver >> through .Net Client > > If you're just trying to connect to Tomcat using SSL from a .Net client, > there's no special configuration when using a non-.Net client. > >> when i am validating client certificate by using .net class(sslStream) >> http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.as >> px >> i am getting error like SSPI failed. > > This list isn't the best one to ask .Net questions. Generally, the > client certificate is delivered FROM the client (your .Net code) to the > server (Tomcat). Is Tomcat giving you the error, or is .Net giving you > the error? > > Please post the entire stack trace of the exception you are getting, as > well as any message you are getting in a log file. "like SSPI failed" is > not very precise. > >> clientAuth="true" >> keystoreFile="server.keystore" > > This looks okay. Does your keystore have the client's certificate in it? > What about a certificate that has signed the client's certificate? > Perhaps a dump of your keystore would be helpful, too. >
This seems to be a common misconception. The keystoreFile plays no role in authenticating client certs in Tomcat. It is only used to get the server cert. The truststoreFile attribute is what is used to validate client certs. If it is omitted, then you just get the trusted root certs provided by your JVM vendor (e.g. the cacerts file for the Sun JVM).

> Can you get this to work through a web browser? Honestly, the .Netedness
> of the client is irrelevant.
>
> -chris
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
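
The keystoreFile/truststoreFile split described in the reply above, shown as an added server.xml fragment that is not part of the original thread. It assumes the single-element Connector attribute style used in the question; the port, the truststore file name and both passwords are placeholders.

```xml
<!-- Added example. Placeholders: port, client-ca.truststore, REPLACE_ME. -->

<!-- As posted in the question: clientAuth is on, but no truststoreFile is
     set, so client certificates are validated against the trusted roots
     shipped with the JVM (e.g. cacerts), not against server.keystore.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="true"
           keystoreFile="server.keystore" keystorePass="REPLACE_ME" />
-->

<!-- With an explicit truststore:
     keystoreFile   holds the server's own certificate and private key.
     truststoreFile holds only the CA certificate(s) that are allowed to
                    have issued client certificates. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="true"
           keystoreFile="server.keystore" keystorePass="REPLACE_ME"
           truststoreFile="client-ca.truststore" truststorePass="REPLACE_ME" />
```

Keeping the truststore limited to the issuing CA for your clients means the TLS handshake only accepts certificates from that CA rather than from every root the JVM vendor trusts.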