On 20.8.2010 0:44, aravidu wrote:
I don't have a client.keystore.
Commands I used for creating a truststore & adding keys to it:
keytool -export -alias clientcert -file client-cert.cer -keystore tomcat.truststore
keytool -import -file client-cert.cer -alias clientcert -keystore tomcat.truststore
That is wrong since you are configuring Tomcat to trust itself.
What you need to do is to configure Tomcat to trust the client, and to
add client *private and public key* (pkcs12 file) to Firefox. So, you
don't import .cert file (that is just public key) into Firefox but
.pkcs12/.p12 file (it contains both private and public key).
You need to delete tomcat.truststore you created, and do steps 2-5 as I
described:
2. generate ClientPublic+ClientPrivate in, say, client.keystore file,
3. import ClientPublic in tomcat.truststore, and
4. import ClientPublic+ClientPrivate (usually in the form of a pkcs12 file) in
Firefox ("Your certificates" tab inside the certificate manager).
5. import ServerPublic in Firefox
Something like this:
(...)
2. keytool -genkeypair -keystore client.keystore ...
3a. keytool -exportcert -keystore client.keystore -file client.cert ...
3b. keytool -importcert -keystore server.truststore -file client.cert ...
4a. convert client.keystore to client.pkcs12 (google for that)
4b. Firefox, Tools, Options, Advanced, View Certificates, Your
certificates, Import, client.pkcs12
5. Point firefox to webapp, add security exception.
Regards,
Ognjen
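The steps 1-5 above, as an added, runnable example that is not part of Ognjen's reply or of the Tomcat project. All file names, the store password `changeit`, the aliases and the distinguished names are constructed placeholders; the PKCS#12 conversion uses `keytool -importkeystore`, which is one way to do step 4a. The two `check_*` functions show the property that matters for the thread: the server truststore must hold the client certificate as a `trustedCertEntry` (public key only), and the `.p12` handed to Firefox must hold a `PrivateKeyEntry`, otherwise Tomcat is trusting itself again or the browser has nothing to authenticate with.

```shell
#!/bin/sh
# Added example: keytool sequence for Tomcat client-certificate authentication.
# Placeholders (not from the thread): file names, "changeit", DNs, aliases.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for all keystores
PASS="changeit"                # constructed placeholder password

# Step 1: server key pair; this is what Tomcat presents to the browser.
gen_server() {
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=localhost, OU=Example, O=Example" \
    -keystore "$WORK/server.keystore" -storepass "$PASS" -keypass "$PASS"
}

# Step 2: client key pair (ClientPublic+ClientPrivate) in its own keystore.
gen_client() {
  keytool -genkeypair -alias clientcert -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=aravidu, OU=Example, O=Example" \
    -keystore "$WORK/client.keystore" -storepass "$PASS" -keypass "$PASS"
}

# Steps 3a/3b: export only the client's certificate (public key) and import it
# into the server truststore. The client keystore itself never goes to Tomcat.
trust_client() {
  keytool -exportcert -alias clientcert -keystore "$WORK/client.keystore" \
    -storepass "$PASS" -file "$WORK/client.cert"
  keytool -importcert -noprompt -alias clientcert -file "$WORK/client.cert" \
    -keystore "$WORK/server.truststore" -storepass "$PASS"
}

# Step 4a: convert the client keystore to PKCS#12 so Firefox can import both
# the private key and the certificate under "Your Certificates".
to_pkcs12() {
  keytool -importkeystore -srckeystore "$WORK/client.keystore" -srcstorepass "$PASS" \
    -srcalias clientcert -destkeystore "$WORK/client.p12" -deststoretype PKCS12 \
    -deststorepass "$PASS" -destkeypass "$PASS"
}

# Step 5: export the server certificate (ServerPublic) for import into Firefox,
# as an alternative to clicking through a security exception.
export_server() {
  keytool -exportcert -alias tomcat -keystore "$WORK/server.keystore" \
    -storepass "$PASS" -file "$WORK/server.cert"
}

# Check: the truststore holds the client cert as a trusted entry with no private
# key. A PrivateKeyEntry here would mean the wrong store was used.
check_truststore() {
  keytool -list -keystore "$WORK/server.truststore" -storepass "$PASS" \
    | grep -q "clientcert.*trustedCertEntry"
}

# Check: the PKCS#12 file for Firefox really carries the private key.
check_pkcs12_has_key() {
  keytool -list -keystore "$WORK/client.p12" -storepass "$PASS" -storetype PKCS12 \
    | grep -q "clientcert.*PrivateKeyEntry"
}

run_all() {
  gen_server
  gen_client
  trust_client
  to_pkcs12
  export_server
  check_truststore && check_pkcs12_has_key
  echo "server.truststore, client.p12 and server.cert are in $WORK"
}

# Usage: sh tomcat-client-auth.sh run
if [ "${1:-}" = "run" ]; then
  run_all
fi
```

Point Tomcat's connector at `server.keystore` (keystoreFile) and `server.truststore` (truststoreFile) with `clientAuth="true"`, import `client.p12` into Firefox, and import `server.cert` under "Servers" or accept the exception as in step 5.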