Dear tomcat users,

I run tomcat 6.0.18 under java 6 and am attempting to set up client authentication via SSL. I have followed the instructions here: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html, with Tomcat using the default SSL implementation.

We act as our own CA, so I have set up java keystores at both server and client, each of which has the same CA certificate, but a distinct actual certificate.

I am attempting to test using HttpClient as described here: http://hc.apache.org/httpclient-3.x/sslguide.html and am using AuthSSLProtocolSocketFactory.

The client gets hold of the server certificates OK but then the test fails with the error:

    Fatal transport error: Received fatal alert: certificate_unknown
    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source).....

I see no sign of any logging of the SSL handshake at the server side.

If I switch off client authentication (in server.xml) at the server, everything's fine. Similarly, if I actually use the keystore that contains the server certs at the client side, all's OK too.

I'd appreciate any help you can give - particularly if you can help me log the SSL handshake at the server to try to figure out what's happening.

Cheers
John Watson