Monday, 1 December 2014

Client Cert Auth



I would like to set up Client Certificate Auth with my Tomcat. I've configured the webapp for this auth and this is my Tomcat config. I'm using Windows PKI for my certificates so I have pfx files. The keystore with my pfx for SSL works fine. I can access with port 443 when I disable clientAuth.



<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="D:\SSL\Keystore\.keystore" keystorePass="Pass" maxHttpHeaderSize="65536"/>


This webapp also has a mobile app. I've installed a pfx certificate on my iOS and tried to connect. In Wireshark I can see:



Client Hello
Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
Certificate
Client Key Exchange
Encrypted Handshake Message


For the Client Key Exchange Handshake Protocol, Diffie-Hellman is used.



Diffie-Hellman Client Params
Pubkey Length: 96
Pubkey: 3e11d540564377e996b0f7d13de11838ccc7f0d00f918592...


When I access the webapp via browser, I get to the point where I can choose a certificate, but somehow it's not showing me the certificate that I want to use.



Client Hello
Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
Encrypted Handshake Message


So it looks like I don't have the correct certificate or the web app is not configured correctly. I just want to make sure I'm not missing something in my Tomcat config.
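
Added example (not part of the original post): both captures above contain a Certificate Request, and when its certificate_authorities list is non-empty, browsers typically offer only client certificates that chain to one of the names in it. This Python parser decodes that list so it can be compared with the issuer of the pfx certificate. It assumes TLS 1.2 and that the CertificateRequest body (without the 4-byte handshake header) was exported from the capture; the sample bytes and the CA name are constructed.

```python
OIDS = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.10": "O", "0.9.2342.19200300.100.1.25": "DC"}

def der_items(buf):  # yield (tag, value) for each definite-length DER TLV in buf
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def attr_name(oid):  # DER OID bytes -> short name, or dotted form if unknown
    arcs, acc = [], 0
    for b in oid:
        acc = (acc << 7) | (b & 0x7F)
        if b < 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    dotted = ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))
    return OIDS.get(dotted, dotted)

def dn_str(der):  # DER Name -> "CN=...,O=..." (values assumed ASCII/UTF-8)
    (_, name), = der_items(der)
    parts = []
    for _, rdn in der_items(name):        # one SET per RDN
        for _, atv in der_items(rdn):     # SEQUENCE {type OID, value}
            (_, oid), (_, val) = der_items(atv)
            parts.append(f"{attr_name(oid)}={val.decode('utf-8', 'replace')}")
    return ",".join(parts)

def acceptable_cas(body):  # body: TLS 1.2 CertificateRequest minus handshake header
    u16 = lambda p: int.from_bytes(body[p:p + 2], "big")
    pos = 1 + body[0]                       # skip certificate_types
    pos += 2 + u16(pos)                     # skip supported_signature_algorithms
    end, pos = pos + 2 + u16(pos), pos + 2  # certificate_authorities vector
    if end > len(body):
        raise ValueError("truncated CertificateRequest")
    names = []
    while pos < end:
        names.append(dn_str(body[pos + 2:pos + 2 + u16(pos)]))
        pos += 2 + u16(pos)
    return names

# Constructed sample: types rsa_sign+ecdsa_sign, two signature algorithms, one CA name.
SAMPLE = (bytes.fromhex("020140" "000404010403" "0021" "001f" "301d311b3019" "0603550403" "0c12")
          + b"Example Issuing CA")
print(acceptable_cas(SAMPLE))
```

An empty result means the server named no CAs, in which case the client may send any certificate of an accepted type.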




