InstantForum.NET v4.1.3SSL Forumshttp://forums.ssl.com/forums@ssl.comFri, 30 Jul 2010 03:22:58 GMT20http://forums.ssl.com/Topic278-3-1.aspxHi, </P><P>I'm modifying an existing tomcat server to use client authentication.</P><P>I'm using a self-signed CA to sign both my server and client certificate. When testing the connection using openssl, i get the following errors:</P><P>C:\OpenSSL\bin&gt;openssl s_client -connect wppan:8443 -cert c:\test\tc5.5\2\client<BR>\clientCert.pem -key c:\test\tc5.5\2\client\client.key -CAfile c:\test\tc5.5\2\ca\ca.pem<BR>Loading 'screen' into random state - done<BR>CONNECTED(00000778)<BR>depth=1 /C=MY/ST=Johor/L=Johor Bahru/O=CA Org/OU=CA Unit/CN=my_ca/emailAddress=a<A href="mailto:Unit/CN=my_ca/emailAddress=admin@inforco.com.my">dmin@inforco.com.my</A><BR>verify return:1<BR>depth=0 /C=MY/ST=Johor/L=Johor Bahru/O=Server Organization/OU=Server Unit/CN=wppan<BR>verify return:1<BR>3760:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:.\ssl\s3<BR>_pkt.c:1060:SSL alert number 48<BR>3760:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib<BR>.c:188:</P><P>My server.xml configuration settings is as follows:</P><P> &lt;Connector port="8443" maxHttpHeaderSize="8192"<BR> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"<BR> enableLookups="false" disableUploadTimeout="true"<BR> acceptCount="100" scheme="https" secure="true"<BR> protocol="HTTP/1.1"<BR> sslProtocol="TLS" <BR> SSLEngine="on"<BR> SSLCertificateFile="C:\test\tc5.5\2\server\serverCert.pem"<BR> SSLCertificateKeyFile="C:\test\tc5.5\2\server\serverExp.key"<BR> SSLVerifyClient="require" </P><P> <BR> <BR> /&gt;</P><P>Can u advice me where goes wrong with my settings?Wed, 01 Jul 2009 05:10:49 GMTwppanjb