Tomcat client certs and IE
We are working on a CAC smart card problem. Our server is Tomcat 5.5 and the browser is IE 6.0. I set the clientAuth attributes to true in the Connector element in the server.xml file.
When the user tries to access our Tomcat site, IE puts up the client cert form, but it is not populated with any of the certs from the CAC card. When we access a similar site on IIS, IE shows the list of CAC certificates and the user is able to pick one and proceed.
Has anyone else run into this problem?
--Julie
By Julie_Ea at 2007-11-26 19:59:05

# 1
The IE form that is giving me trouble is a popup titled thus: "Choose a Digital Certificate". When accessing an IIS server, it shows a list of my client certs. When accessing a Tomcat server, the list is blank.
# 2
Hi Julie_E,
I'm having this identical problem too! I've set up my own Tomcat 5.5 server and am trying to serve up a website to authenticate users via CAC cards.
I edited the conf/server.xml file to include the SSL section which points to both a keystore and truststore files created using keytool.
I've tried adding my own certs, as well as those under the trusted CA portion, into the truststore, but when I hit my webserver, nothing shows up in that darned "Choose a Digital Certificate" dialog box.
If you hear anything that fixes this, please pass it along, and I'll do the same.
Thanks!
Chuck
# 3
The popup list is populated with the key certs that may be acceptable to the server, based on IIRC the server's enabledCipherSuites, and on the certificate authorities that the server will trust, based on what's in the server's truststore.
This is all sent to the client along with the SSL CertificateRequest message. The client then looks for a key certificate that complies.
ejpa at 2007-7-9 22:55:32
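The mechanism described in reply #3, as an added example (not code from this thread or from Tomcat): a Python sketch that parses the certificate types and CA names in a TLS 1.0/1.1 CertificateRequest body and applies a simplified client-side filter by issuer. The CA names, certificate labels and function names are constructed for illustration, and the empty-list rule follows TLS 1.1 (RFC 4346).

```python
import struct

def der_name(cn):
    """Minimal DER Name holding one CN attribute (short-form lengths only)."""
    raw = cn.encode()
    out = b"\x06\x03\x55\x04\x03" + bytes([0x0C, len(raw)]) + raw  # OID 2.5.4.3 + UTF8String
    for tag in (0x30, 0x31, 0x30):  # AttributeTypeAndValue, RDN set, Name
        out = bytes([tag, len(out)]) + out
    return out

def build_certificate_request(cert_types, ca_names):
    """Server side: certificate types, then the DNs of the CAs it trusts."""
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    return bytes([len(cert_types), *cert_types]) + struct.pack("!H", len(cas)) + cas

def parse_certificate_request(body):
    """Return (certificate_types, [DistinguishedName bytes]) or raise ValueError."""
    if not body or len(body) < 1 + body[0] + 2:
        raise ValueError("truncated CertificateRequest")
    pos = 1 + body[0]
    types = list(body[1:pos])
    (total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if pos + total != len(body):
        raise ValueError("certificate_authorities length mismatch")
    names = []
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated DistinguishedName header")
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if n == 0 or pos + n > len(body):
            raise ValueError("bad DistinguishedName length")
        names.append(body[pos:pos + n])
        pos += n
    return types, names

def offered_certs(client_certs, ca_names):
    """Simplified client filter: keep certs whose issuer chain hits a listed CA."""
    if not ca_names:  # empty list: client may offer any certificate
        return [c["label"] for c in client_certs]
    return [c["label"] for c in client_certs
            if any(dn in ca_names for dn in c["issuer_chain"])]

# Constructed sample data: two card certs issued by a CA the truststore may lack.
CARD_CA, OTHER_CA = der_name("Example Card Issuing CA"), der_name("Example Internal CA")
CARD_CERTS = [{"label": "card ID cert", "issuer_chain": [CARD_CA]},
              {"label": "card email cert", "issuer_chain": [CARD_CA]}]
RSA_SIGN = 1  # ClientCertificateType rsa_sign
```

With a truststore that lacks the card's issuing CA, the filter returns an empty list; once that CA's DN is in the request, both card certificates are offered.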
