SSL authentication in tomcat

 
# Create the server and application client key stores and certificates
keytool -genkeypair -alias serverkey -keyalg RSA -keysize 2048 -dname "CN=Server,OU=Application Development,O=Home,L=Auckland,S=AK,C=NZ" -keypass 123456 -storepass 123456 -keystore server.jks
keytool -genkeypair -alias clientkey -keyalg RSA -keysize 2048 -dname "CN=Client,OU=Application Development,O=Home,L=Auckland,S=AK,C=NZ" -keypass 123456 -storepass 123456 -keystore client.jks

# Copy the client's public certificate to the server's keystore
keytool -exportcert -keystore d:\client.jks -storepass 123456 -file d:\client-public.cer -alias clientkey
keytool -importcert -keystore d:\server.jks -storepass 123456 -file d:\client-public.cer -alias clientcert -noprompt

# Take a peek at the server's keystore to make sure that the client's certificate is there
keytool -v -list -keystore d:\server.jks -storepass 123456

# Copy the server's public certificate to the client's keystore
keytool -exportcert -keystore d:\server.jks -storepass 123456 -file d:\server-public.cer -alias serverkey
keytool -importcert -keystore d:\client.jks -storepass 123456 -file d:\server-public.cer -alias servercert -noprompt

# Take a peek at the client's keystore to make sure that the client's certificate is there
keytool -v -list -keystore d:\client.jks -storepass 123456

# Create a browser keystore most browsers can read easily
keytool -importkeystore -srckeystore d:\client.jks -srcstorepass 123456 -srcalias clientkey -destkeystore d:\client.p12 -deststoretype PKCS12 -deststorepass 123456 -destalias clientkey -noprompt

# Take a peek at the browser's keystore to make sure that the client's certificate is there
keytool -v -list -keystore d:\client.p12 -storetype pkcs12 -storepass 123456

keytool -importcert -trustcacerts -alias clientkey -keystore D:\sslkeys\client.jks -file D:\sslkeys\cacert.pem



By using the above commands I created client and server certificates.

In the application's web.xml, the following security constraint was given:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Task Services</web-resource-name>
<url-pattern>/rest/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>

In the Tomcat server's server.xml:

<Connector clientAuth="false" port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="D:/sslkeys/client.jks" keystoreType="JKS" keystorePass="123456"
truststoreFile="D:/sslkeys/server.jks" truststoreType="JKS" truststorePass="123456"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
sslProtocol="SSL"
allowUnsafeLegacyRenegotiation="true"
/>

I am getting https://..... while giving the request, but I am getting a socket error exception.
Please, somebody give me the solution.
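
An added example, not part of the original post and not Tomcat's own tooling: a small Python check that reads the posted Connector and reports where it disagrees with the keystores built by the keytool commands above. It assumes the Tomcat 6/7-era meaning of these attributes; REVISED, trust.jks and CHANGE_ME are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Connector as posted (attribute values unchanged).
POSTED = '''<Connector clientAuth="false" port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="D:/sslkeys/client.jks" keystoreType="JKS" keystorePass="123456"
truststoreFile="D:/sslkeys/server.jks" truststoreType="JKS" truststorePass="123456"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
sslProtocol="SSL" allowUnsafeLegacyRenegotiation="true"/>'''

# Constructed comparison; trust.jks and CHANGE_ME are hypothetical placeholders.
REVISED = '''<Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="D:/sslkeys/server.jks" keystorePass="CHANGE_ME"
truststoreFile="D:/sslkeys/trust.jks" truststorePass="CHANGE_ME"/>'''

# Store -> private-key alias, from the keytool -genkeypair commands in the post.
KEY_STORES = {"server.jks": "serverkey", "client.jks": "clientkey"}
APR_NAMES = ("SSLVerifyClient", "SSLVerifyDepth", "SSLEngine")  # APR/native style

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def audit_connector(xml_text, auth_method="CLIENT-CERT"):
    """Return (code, message) findings for one <Connector> element."""
    a = ET.fromstring(xml_text).attrib
    out = []
    ks, ts = basename(a.get("keystoreFile", "")), basename(a.get("truststoreFile", ""))
    if KEY_STORES.get(ks) == "clientkey":
        out.append(("KEYSTORE_ROLE", f"{ks} holds the client's key pair; the server would present CN=Client"))
    if ts in KEY_STORES:
        out.append(("TRUSTSTORE_HAS_KEY", f"{ts} contains the {KEY_STORES[ts]} private key; a truststore needs only trusted certificates"))
    if auth_method == "CLIENT-CERT" and a.get("clientAuth", "false") == "false":
        out.append(("CERT_VIA_RENEGOTIATION", "clientAuth=false requests the certificate only by renegotiating on a CLIENT-CERT resource"))
    if a.get("allowUnsafeLegacyRenegotiation") == "true":
        out.append(("LEGACY_RENEGOTIATION", "legacy TLS renegotiation is re-enabled"))
    if a.get("sslProtocol", "TLS").upper() == "SSL":
        out.append(("SSL_PROTOCOL", "sslProtocol=SSL; Tomcat's default is TLS"))
    mixed = [n for n in APR_NAMES if n in a]
    if mixed and "keystoreFile" in a:
        out.append(("MIXED_STYLES", f"{', '.join(mixed)} are APR/native attributes alongside JSSE keystore settings"))
    return out

if __name__ == "__main__":
    for code, msg in audit_connector(POSTED):
        print(f"{code}: {msg}")
    print("revised findings:", audit_connector(REVISED))
```

The web.xml on the page sets auth-method to CLIENT-CERT, which is why auth_method defaults to that value.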
 