39 lines
1.6 KiB
Plaintext
39 lines
1.6 KiB
Plaintext
|
|
This directory contains some example certificates for the X.509 version of the contacts
|
|
application. They have all been generated using openssl with a demo certificate authority.
|
|
The password for all the files is "password"
|
|
|
|
- marissa.p12 is a pkcs12 file containing the client certificate and private key for
|
|
the user marissa, and should be imported into your browser.
|
|
|
|
- server.p12 is a pkcs12 file containing a server certificate and private key.
|
|
|
|
- ca.jks is a java keystore file[1] containing the CA public certificate. This is used as
|
|
the trust store for the server to indicate which client certificates are valid.
|
|
|
|
The app has been tested in JBoss 3.2.7 (Tomcat 5.0) using the following configuration for
|
|
the connector:
|
|
|
|
<!-- SSL/TLS Connector configuration -->
|
|
<Connector port="8443" address="${jboss.bind.address}"
|
|
maxThreads="100" minSpareThreads="2" maxSpareThreads="10"
|
|
scheme="https" secure="true"
|
|
sslProtocol = "TLS"
|
|
clientAuth="want" keystoreFile="${jboss.server.home.dir}/conf/server.p12"
|
|
keystoreType="PKCS12" keystorePass="password"
|
|
truststoreFile="${jboss.server.home.dir}/conf/ca.jks"
|
|
truststoreType="JKS" truststorePass="password"
|
|
/>
|
|
|
|
To try out the application, first get the server running with client authentication enabled.
|
|
|
|
|
|
|
|
|
|
[1] This was origially also a pkcs12 file. However I couldn't get tomcat to work with
|
|
it unless it contained the CA's private key as well as the certificate, which is obviously
|
|
not feasible. If anyone works out how to get Tomcat to work with a pkcs12 file containing
|
|
a single certificate, then please let me know.
|
|
|
|
$Id$
|