Java Mailing List Archive

http://www.apache-httpd.com/


[users@httpd] Export CACertificate to Tomcat

Tina Exner

2010-08-02

Hi all,

We have a nexus multiid server for certificate authentication.
I try to pass the client smartcard certificates from Apache to the Tomcat server.
The Tomcat talks to the nexus and the authentication takes effect.

When I try to export the client CA certificate to the Tomcat server I get the following errors:

[Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error (20): unable to get local issuer certificate
[Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed: Not accepted by client!?

@Firefox:
(Fehlercode: ssl_error_unknown_ca_alert)


This is my SSL configuration:

  <IfModule ssl_module>
      SSLVerifyClient none
      SSLVerifyDepth 5

      #SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
      SSLOptions +ExportCertData

      #SSLCACertificateFile conf/ssl/Certificate.cer
  </IfModule>

  <Location /nexus>
      SSLVerifyClient         require
      SSLVerifyDepth          5

      #SSLCACertificateFile    /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt
      #SSLOptions             +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
      SSLOptions              +ExportCertData +StdEnvVars
      #SSLRequireSSL
  </Location>


My jk.conf:

  JkExtractSSL          On
  JkHTTPSIndicator      HTTPS
  JkSESSIONIndicator    SSL_SESSION_ID
  JkCIPHERIndicator     SSL_CIPHER
  JkCERTSIndicator      SSL_CLIENT_CERT
  JkEnvVar              SSL_CLIENT_CERT SSL_CLIENT_CERT
  JkOptions             +ForwardSSLCertChain


I use Apache 2.2.13-3 and OpenSSL 0.9.8a.

Any hints on what might have gone wrong will be highly useful.

Regards
Tim
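
OpenSSL verification error 20 ("unable to get local issuer certificate") means the issuer of a certificate in the client's chain was not found among the locally trusted CA certificates, and both SSLCACertificateFile lines in the posted configuration are commented out. The following is an added example, not part of the original post, of the same configuration with a client CA bundle configured; the file name client-ca-chain.pem is a placeholder and is assumed to hold the PEM-encoded CA chain that issued the smartcard certificates.

```apache
# Added example; conf/ssl/client-ca-chain.pem is a placeholder path.
<IfModule ssl_module>
    # No client certificate is requested for the site as a whole.
    SSLVerifyClient none
    SSLVerifyDepth  5

    # Trust anchors used to verify client certificates. In Apache 2.2 this
    # directive is valid only in server config or virtual host context, so
    # it cannot be placed inside <Location>. The file contains the root and
    # intermediate CA certificates, PEM-encoded and concatenated.
    # A DER-encoded file has to be converted first, for example:
    #   openssl x509 -inform DER -in Certificate.cer -out client-ca-chain.pem
    SSLCACertificateFile conf/ssl/client-ca-chain.pem
</IfModule>

<Location /nexus>
    # Renegotiate and require a client certificate for this path only.
    SSLVerifyClient require
    SSLVerifyDepth  5

    # Export SSL_CLIENT_CERT (PEM) and the standard SSL_* variables so that
    # mod_jk can forward them to Tomcat.
    SSLOptions      +ExportCertData +StdEnvVars
</Location>
```

Running `openssl verify -CAfile conf/ssl/client-ca-chain.pem` against a client certificate exported from the smartcard shows whether the bundle is complete before Apache is restarted.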
