> -----Original Message-----
> From: Jason Pyeron [mailto:jpye...@pdinc.us]
> Sent: Tuesday, 20 October 2009 13.03
> To: 'Tomcat Users List'
> Subject: RE: clent authentication using a smard card
>
> > -----Original Message-----
> > From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
> > > From: Jason Pyeron [mailto:jpye...@pdinc.us]
> > > > From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
> > > > > From: Jason Pyeron [mailto:jpye...@pdinc.us]
> > > >
> > > > Ok.
> > > > I made the same thing with IE and in the debug it says "null cert chain"
> > > > during the client authentication handshake.
> > > > Now I am confused...
> > > >
> > >
> > > Let's step back and look.
> > >
> > > Can you provide the smart card and server certificate chain (no keys please)?
> >
> > Hang on a second...
> > The server certificate is a self-signed certificate I made with keytool.
> > The smart card certificate, instead, is a real one, I use to legally sign electronic documents; the issuer is an Italian CA.
> >
> > Do you expect the issuer of the smart card certificate to be the same as the server one?
>
> Not always.
>
> Let's take for example:
>
> https://mail.pdinc.us <-PD Inc Public CA<-PD Inc Root CA
>
> and
>
> MySmartCard <- DOD EMAIL CA-15 <- DoD Root CA-2
>
> The smime cert used on this email
>
> I can use my smart card to auth against the server. But the server must know about DoD Root CA-2.
>
Ok. In my case:

https://localhost <- self signed certificate

and

Mysmartcard <- my certificate <- infocamere root CA

And in my trusted certificates keystore there is infocamere root CA.

Please find in attachment a signed text file you can read my cert info from.

Thanks
Marcello

myfile.txt.p7m
Description: S/MIME encrypted message