I’m running an application on a stand-alone Tomcat 6 server on a Windows box. I want it to be able to request and receive client certificates from DoD CAC cards.
I have a client machine running IE that is set up correctly to pass the certs from a CAC card. I know it's correct because when I go to a CAC-enabled site, IE pops up a window asking me to choose a certificate, and in that window I see the certs from my CAC card.
I have Tomcat configured to request certs from the user, and when I navigate to my site running on Tomcat I see the same IE prompt asking me to choose my certificate; however, when I’m looking at my site the list of certs is empty. In my server.xml file I’ve configured my connector as follows:
    <Connector port="8443"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               keystoreFile="<myKeystore>"
               keystorePass="<myPassword>"
               clientAuth="want"
               sslProtocol="TLS" />
The place where I think I’m screwing up is in the generation of the keystore file. Right now I’ve generated it using the Java keytool command, something like this:
    keytool -genkey -alias tomcat -keypass myPassword -keystore myKeystore -storepass myPassword
I’m doing development now and I’m looking for a way to get the client certs from the CAC card to my application but I’m missing something. I’m not very familiar with how this works so I could use some help/guidance.
Thanks
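Added example, not part of the original question: a POSIX sh wrapper around the keytool commands that builds a separate truststore holding the DoD CA certificates and emits the matching Tomcat 6 Connector. The keystore from the question only holds the server's own key; the issuer list Tomcat puts in the TLS CertificateRequest comes from truststoreFile (and, when that attribute is absent, from the JVM's default cacerts, which contains no DoD CA), so the browser has no acceptable issuer to match CAC certificates against and shows an empty chooser. The CA file names, paths and passwords are placeholders; the script assumes the DoD root and intermediate certificates are already on disk as .cer files and does not fetch them. The keytool invocations are identical on Windows.

```shell
#!/bin/sh
# Added example, not code from the original question. Builds the two stores a
# Tomcat 6 JSSE connector uses for CAC client-certificate authentication and
# prints the matching <Connector> element. Only this wrapper is POSIX sh; the
# keytool commands run unchanged from a Windows command prompt.
#
# Assumptions (placeholders, not real values): the DoD root/intermediate CA
# certificates are already on disk as .cer files and are passed as arguments;
# passwords are throwaway development values.
#
# Why a separate truststore: Tomcat reads the server's own key from
# keystoreFile, but the issuer list it sends in the TLS CertificateRequest
# comes from truststoreFile (falling back to the JVM's cacerts, which holds no
# DoD CA). With no DoD issuer advertised, the browser filters out every CAC
# certificate and shows an empty chooser.

# Derive a keystore alias from a certificate file name: strip the directory
# and extension, lowercase the rest.
alias_from_file() {
    basename "$1" | sed 's/\.[^.]*$//' | tr 'A-Z' 'a-z'
}

# Server identity: RSA key pair with a self-signed certificate (development only).
make_server_keystore() {
    ks=$1; pass=$2
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
        -dname "CN=localhost, OU=dev, O=example" -validity 365 \
        -keystore "$ks" -storepass "$pass" -keypass "$pass"
}

# Truststore: one trusted entry per CA certificate file. Only CAs in here are
# offered to the client as acceptable issuers and used to validate its chain.
make_truststore() {
    ts=$1; pass=$2; shift 2
    for cafile in "$@"; do
        keytool -importcert -noprompt -trustcacerts \
            -alias "$(alias_from_file "$cafile")" -file "$cafile" \
            -keystore "$ts" -storepass "$pass"
    done
}

# Check which issuers the connector will advertise before restarting Tomcat.
list_trusted_issuers() {
    keytool -list -keystore "$1" -storepass "$2"
}

# Emit the server.xml connector: the question's attributes plus the truststore.
connector_snippet() {
    ks=$1; ts=$2; pass=$3
    cat <<EOF
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="$ks" keystorePass="$pass"
           truststoreFile="$ts" truststorePass="$pass"
           clientAuth="want" sslProtocol="TLS" />
EOF
}

# Usage: sh cac-tomcat.sh build dod-root-ca.cer dod-id-ca.cer
if [ "${1:-}" = "build" ]; then
    shift
    make_server_keystore server.jks changeit
    make_truststore dod-truststore.jks changeit "$@"
    list_trusted_issuers dod-truststore.jks changeit
    connector_snippet "$(pwd)/server.jks" "$(pwd)/dod-truststore.jks" changeit
fi
```

Run it as `sh cac-tomcat.sh build <ca files...>`, paste the printed Connector into server.xml, and confirm with `list_trusted_issuers` that every DoD CA in the CAC certificate chain appears as a trustedCertEntry; with clientAuth="want" the handshake still succeeds when the user cancels the chooser, so the application must check for the javax.servlet.request.X509Certificate attribute itself rather than assume a certificate is present.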