User Auth with SSL in Tomcat
1. Create a JKS keystore containing the server cert, its private key, and the CA cert that will sign client certs. (keytool cannot import a bare private key, so the usual route is to bundle key and cert as PKCS#12 with openssl and convert that.)
2. Enable the container's HTTPS connector with clientAuth="true" and set both keystoreFile and truststoreFile, even if they point at the same file. The truststore is what the connector uses to verify the client certificate chain; without it Tomcat cannot validate client certs at all. With clientAuth="true" the handshake fails for any client that presents no cert; clientAuth="want" makes the cert optional. If truststorePass is not set it defaults to keystorePass. Note that the password sits in clear text in server.xml, so protect the file accordingly.
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
truststoreFile="conf/singer.jks"
keystoreFile="conf/singer.jks" keystorePass="tomcat"/>
3. Create a client cert signed by the same CA to test with. Tomcat accepts any cert that chains to a CA in the truststore, so the truststore should contain only the CAs whose clients you mean to accept.
4. Set up a JSP page in the ROOT context (test.jsp, the name fetched in step 5) that prints the verified client chain:
<%@ page import="java.security.cert.X509Certificate" %>
<%
    // Tomcat exposes the client chain it verified against the truststore as
    // a request attribute; certs[0] is the client's own cert, the rest its issuers.
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    if (certs == null || certs.length == 0) {
        // only reachable with clientAuth="want" or over plain HTTP
        response.sendError(403, "No client certificate presented");
        return;
    }
    for (X509Certificate c : certs) {
        out.println("<p>" + c.getSubjectX500Principal().getName() + "</p>");
    }
%>
5. Fetch the page with wget, presenting the client cert and key. --no-check-certificate skips verification of the server certificate, which is acceptable only for this local test; since the CA cert is at hand, --ca-certificate=ca.pem is the right replacement.
wget --no-check-certificate --certificate=usercert.pem --private-key=userkey.pem https://localhost:8443/test.jsp
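The five steps above, carried out end to end as an added example (this script is not part of the original page): it builds a throwaway CA with openssl, issues a server cert and a client cert from it, packs the server key, server cert and CA into the JKS the connector above expects, and fetches test.jsp verifying the server against that CA rather than with --no-check-certificate. The work directory $PKI, the script name mtls-setup.sh, the alias names tomcat and testca, and the command-line hostname and user name are assumptions; the keystore name singer.jks and password tomcat are taken from the server.xml fragment above.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed: work dir $PKI, keystore
# name singer.jks and password "tomcat" (matching server.xml above), aliases
# "tomcat"/"testca", hostname and user name supplied on the command line.
set -eu

PKI="${PKI:-./pki}"
STOREPASS="${STOREPASS:-tomcat}"   # must equal keystorePass in server.xml

make_ca() {
  mkdir -p "$PKI"
  # Self-signed CA. It is the only issuer the truststore will contain, so
  # only certs it signs are accepted by the connector.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=Test CA" -keyout "$PKI/ca.key" -out "$PKI/ca.pem" 2>/dev/null
}

make_server_cert() {
  host="$1"
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -keyout "$PKI/server.key" -out "$PKI/server.csr" 2>/dev/null
  # SAN so a client verifying with --ca-certificate can match the host name.
  printf 'subjectAltName=DNS:%s\n' "$host" > "$PKI/server.ext"
  openssl x509 -req -sha256 -days 825 -in "$PKI/server.csr" \
    -CA "$PKI/ca.pem" -CAkey "$PKI/ca.key" -CAcreateserial \
    -extfile "$PKI/server.ext" -out "$PKI/server.pem" 2>/dev/null
}

make_client_cert() {
  user="$1"
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$user" \
    -keyout "$PKI/userkey.pem" -out "$PKI/user.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\n' > "$PKI/client.ext"
  openssl x509 -req -sha256 -days 365 -in "$PKI/user.csr" \
    -CA "$PKI/ca.pem" -CAkey "$PKI/ca.key" -CAcreateserial \
    -extfile "$PKI/client.ext" -out "$PKI/usercert.pem" 2>/dev/null
}

build_jks() {
  # keytool cannot import a bare private key: bundle key + cert + CA as
  # PKCS#12 first, then convert that bundle into the JKS.
  openssl pkcs12 -export -name tomcat -inkey "$PKI/server.key" \
    -in "$PKI/server.pem" -certfile "$PKI/ca.pem" \
    -out "$PKI/server.p12" -passout "pass:$STOREPASS"
  rm -f "$PKI/singer.jks"
  keytool -importkeystore -noprompt \
    -srckeystore "$PKI/server.p12" -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
    -destkeystore "$PKI/singer.jks" -deststoretype JKS -deststorepass "$STOREPASS" 2>/dev/null
  # The CA as a trusted entry is what lets the connector verify client certs.
  keytool -importcert -noprompt -alias testca -file "$PKI/ca.pem" \
    -keystore "$PKI/singer.jks" -storepass "$STOREPASS" 2>/dev/null
}

list_jks() {
  # Expect one PrivateKeyEntry (tomcat) and one trustedCertEntry (testca).
  keytool -list -keystore "$PKI/singer.jks" -storepass "$STOREPASS" 2>/dev/null
}

fetch_test_page() {
  # Same request as the page's wget, but the server cert is checked against
  # our CA instead of being skipped with --no-check-certificate.
  wget -q -O - --ca-certificate="$PKI/ca.pem" \
    --certificate="$PKI/usercert.pem" --private-key="$PKI/userkey.pem" \
    "https://$1:8443/test.jsp"
}

# Usage: sh mtls-setup.sh setup <hostname> <username>
#        sh mtls-setup.sh fetch <hostname>
case "${1:-}" in
  setup) make_ca; make_server_cert "$2"; make_client_cert "$3"; build_jks; list_jks ;;
  fetch) fetch_test_page "$2" ;;
esac
```

Copy $PKI/singer.jks to Tomcat's conf/ directory and restart; the client cert and key produced here are the usercert.pem and userkey.pem the wget line above expects.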
