Etoken + Tomcat problem

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Etoken + Tomcat problem

Carol Chamblas
hi
i'm working with tomcat 4.X (servlet) and i want to load a certificate from
an eToken USB PRO (from aladdin).

i changed the server.xml (clientAuth="true") and i have a .keystore, and the
connection https://myIP:8443 is working.

the problem is that when the browser list the certificates to the user to
select one, it don't show the eToken USB PRO to choose.

why it don't show?


--
"Nada es imposible,
hasta que se demuestre lo contrario" - yo
Reply | Threaded
Open this post in threaded view
|

Re: Etoken + Tomcat problem

markt
Carol Chamblas wrote:

> hi
> i'm working with tomcat 4.X (servlet) and i want to load a certificate from
> an eToken USB PRO (from aladdin).
>
> i changed the server.xml (clientAuth="true") and i have a .keystore, and the
> connection https://myIP:8443 is working.
>
> the problem is that when the browser list the certificates to the user to
> select one, it don't show the eToken USB PRO to choose.
>
> why it don't show?

<background>
As part of the SSL authentication process, Tomcat sends a list of
trusted certificate authorities to the browser. Tomcat gets this list
from Java file cacerts. Tomcat will only accept client certificates that
can be traced back to one of these CAs. To prevent the user selecting a
certificate that will be rejected, the browser then uses this list to
filter the user certificates presented to be used for authentication.
</background>

I suspect that either your browser doesn't know to look at your token
for certificates or the CA associated with your client cert isn't listed
in the Java cacerts file.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]