https://issues.apache.org/bugzilla/show_bug.cgi?id=52308
Bug #: 52308
Summary: Fatal alert: certificate_unknown when test SSL with expired client cert
Product: Tomcat 5
Version: 5.0.0
Platform: PC
OS/Version: Linux
Status: NEW
Severity: blocker
Priority: P2
Component: Servlets:SSI
AssignedTo: dev@tomcat.apache.org
ReportedBy: dineshsa...@hotmail.com
Classification: Unclassified

I am testing an SSL connection with jboss-5.1.0.GA (using Tomcat) and java version "1.6.0_03".

Below is the setting of my server.xml in JBoss:

    <Connector protocol="HTTP/1.1" SSLEnabled="true"
               port="443" address="${jboss.bind.address}"
               scheme="https" secure="true" clientAuth="true"
               keystoreFile="${jboss.server.home.dir}/conf/ssl/keystore.jks"
               keystorePass="asdf1234" sslProtocol="TLS"
               truststoreFile="${jboss.server.home.dir}/conf/ssl/keystore.jks"
               truststorePass="asdf1234"
               ciphers="TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" />

It works OK with the valid client cert. But when I test with an expired client cert, the client side will receive fatal alert: certificate_unknown, not the expected result, fatal alert: certificate_expired.

Also, the JBoss log:

    09:38:46,969 INFO [STDOUT] ***
    09:38:46,978 INFO [STDOUT] http-192.168.20.150-443-1
    09:38:46,978 INFO [STDOUT] , SEND SSLv3 ALERT:
    09:38:46,978 INFO [STDOUT] fatal,
    09:38:46,978 INFO [STDOUT] description = certificate_unknown

Any idea which part may cause the problem?

Thank you.

Best regards
Dinesh S