Hi Jason, tank for your answer. > > > > Hi all > > > > This is my very first message in the list. > > > > I am trying to use the ssl and client authentication feature > > in tomcat 6, using a pkcs11 compliant smart card reader and a > > real authentication smart card (Italian CNS). > > > > In the browser (firefox) I obtain a > > First, make sure your browser knows about the certificate and smart card > reader. > We have been having with recent firefox releases on this. The debuging > steps I > would take are 1) Use Windows / IE, if the server requires or requests a > client > cert it will pop up a selection window even if IE does not know how to > fulfil > the request. Thi will indicate if Tomcat is or is not requesting client > certs. > 2) Verify IE know about the smart card cert, user the certmgr.msc to see > if the > smartcard certificate is installed, as well as the trust chain. > 3) Verify IE prompts for the smartcard cert in the client cert popup > selection > dialog. > 4) Verify Tomcat <-> IE talk over SSL. > > > >
It seems that firefox behaves: if the smartcard is in firefox asks the PIN of the smartcard. I am pretty sure it can read my smartcard, because I can use mod_ssl with Apache 2.2 and I can read the certificate's information with a perl routine. Furthermore, from the debug logs it is clear that there is an ssl handshaking going on. Any clue? Thanks M [CUT ] > > > > Is tomcat's behavoir correct or is it a bug? > > > > The above steps will allow a more quickly diagnosis. > > > > > > > Thanks a million > > > > Marcello > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
