I'm facing some problems with the SSL configuration in Tomcat. I created the store.jks using keytool and the certificates using openssl. Self-signed the certificate request too. Then exported the client certificate to pk12 format for browsers.
The website was accessible like always but was giving a certificate error (red padlock). Then I imported and manually installed the client certificate in the browser. Restarted the browser and the certificate error went away, thus showing a green padlock.
Removed the client certificate then restarted the browser and Tomcat. The website was blocked giving an Error 117 (net::ERR_BAD_SSL_CLIENT_AUTH_CERT): Bad SSL client authentication certificate (which is expected). But then after I manually installed the client certificate, the website was still blocked and giving the same error as before.
Why is it still blocking the client? I already installed the certificate in the browser.
Is this issue coming from the Tomcat SSL connector or an issue with the certificates?
Thanks a lot for your answer. Actually I forgot to mention that we were on Windows and not on Linux. Running openssl on Windows as per the link you wrote (did via Cygwin) is tricky.
Anyway, I found a solution on the site http://blog1.vorburger.ch/2006/08/setting-up-two-way-mutual-ssl-with.html. Did some modifications on the connector settings given in the blog, fixed some simple-to-find typos and it ran fine.
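For readers following this thread, here is what a two-way SSL connector of the kind discussed above looks like. This is an added example, not the poster's configuration or the settings from the linked blog. It assumes the Tomcat 6/7-style JSSE connector attributes; `truststore.jks`, the port and both passwords are placeholders.

```xml
<!--
  Added example: conf/server.xml connector for two-way (mutual) SSL.
  Assumes Tomcat 6/7-style JSSE attributes; paths and passwords are placeholders.

  keystoreFile / keystorePass
      The server's own private key and certificate. This is what the
      browser validates (the red or green padlock).

  clientAuth
      "true"  = the handshake fails unless the browser presents a
                certificate the server accepts.
      "want"  = a client certificate is requested but optional.
      "false" = no client certificate is requested.

  truststoreFile / truststorePass
      The certificates the server trusts when it validates a client
      certificate. A client certificate is accepted only if it, or the
      CA certificate that signed it, is an entry in this store.
      Installing the certificate in the browser does not change what
      the server trusts.
-->
<Connector port="8443"
           protocol="HTTP/1.1"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           keystoreFile="conf/store.jks"
           keystorePass="CHANGE_ME_KEYSTORE"
           clientAuth="true"
           truststoreFile="conf/truststore.jks"
           truststorePass="CHANGE_ME_TRUSTSTORE" />
```

Running `keytool -list -v -keystore` against the truststore shows which certificates the server will accept, which can be compared with the issuer of the certificate installed in the browser.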