0

When we are running Apache Tomcat from IDE's toolbar, we can not browse https

enter image description here

but when we are running with tomcat7.exe file, it can browse with https and accept certificate.

In server.xml, we wrote a connector tag as follow.

<Connector 
        clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
        enableLookups="true" disableUploadTimeout="true"
        acceptCount="100" maxThreads="200"
        keystorePass="123456"
        scheme="https" secure="true" SSLEnabled="true"
        SSLCertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\ycassl.cer"
        SSLCertificateKeyFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\ycassl.key" 
        SSLCACertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\CertPath.txt"      
        SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"
    />

What wrong in these two? Please explain me.

Sharifah
  • 361
  • 2
  • 17
  • 30
  • Follow this [link](http://stackoverflow.com/questions/11895615/running-tomcat7-for-https/11895763#11895763) this could be helpful – thar45 Sep 03 '12 at 10:36

3 Answers3

0

These lines of your config file are demanding a client certificate from the user:

SSLCACertificateFile="CertPath.txt"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"

Your web browser is not presenting a client SSL certificate to the web server and is being rejected. You can configure Chrome to present a user certificate by following the steps here.

I can only assume your executable is configured to present such a client certificate?

Duncan Jones
  • 67,400
  • 29
  • 193
  • 254
  • Client certificate is already installed at the browser. When I running with C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\tomcat.exe, it can be accepted client certificate and can be browsed with https. But.. if I running with IDE that has tomcat plugin, it can not be accepted client certificate and can not be browsed with https. What wrong in these two. Pleas explain me. – Sharifah Sep 04 '12 at 06:08
  • Does the response from @PeterRader not help? It sounds like you need to ensure consistent settings between two different `server.xml` files. I'm guessing the `SSLCACertificateFile` settings may be different between the two. – Duncan Jones Sep 04 '12 at 06:58
  • I have one server.xml file from C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf and I did not build tomcat server at IDE. I've been running tomcat from IDE's toolbar.. so, I'd no next server.xml file. I do not know how should I do. If you don't mine, please explain me. Thanks. – Sharifah Sep 04 '12 at 07:25
  • @shariphwar I would suggest you write a comment under Peter Rader's answer for his feedback - I'm guessing he knows more about this area than I do. – Duncan Jones Sep 04 '12 at 07:40
0

You use Mutual-Authentication

but you did not install (or not the correct) certificate into your browser!

Usually at Mutual Authentication the Client must install a certificate into the Webbrowser.

Grim
  • 1,938
  • 10
  • 56
  • 123
0

Using eclipse, there is a different server.xml located in workspace/Servers/tomcat v*/server.xml

Grim
  • 1,938
  • 10
  • 56
  • 123
  • I have one server.xml file from C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf and I did not build tomcat server at IDE. I've been running tomcat from IDE's toolbar.. so, I'd no next server.xml file. I do not know how should I do. If you don't mine, please explain me. Thanks. – Sharifah Sep 04 '12 at 07:42
  • Ok, the Toolbar-Button-Dropdown guid you to the run-configuration. What kind of Run-Configuration do you use? "Java Application" or "Maven Build" or "Apache Tomcat"? – Grim Sep 04 '12 at 15:25
  • I used Apache Tomcat from IDE's toolbar. – Sharifah Sep 05 '12 at 02:51