How to do two-way authentication on tomcat?

Question

How to do Two-way SSL authentication on tomcat using OpenSSL self signed certificates - Need to use EC DSA for generating certificates.

Suggestions much appreciated.Thanks in advance

Answer 1

I could able to identify solution after many days of search. Steps below explains, two-way authentication using openssl self signed certificate on tomcat.

Server Key Generation: generate server private key :

`openssl ecparam -name prime256v1 -out serverKey.pem -genkey`

generate the self-signed certificate for the server,

`openssl req -new -x509 -key serverKey.pem  -out serverCert.pem -days 3650`

generate a keystore in JKS format

`openssl pkcs12 -export -out ServerKeystore.pkcs12 -in serverCert.pem -inkey serverKey.pem`

convert serverkeystore.pkcs12 file to JKS format keystore

`keytool -importkeystore -alias 1 -srckeystore ServerKeystore.pkcs12 -srcstoretype PKCS12 -destkeystore ServerKeystore.jks -deststoretype JKS`

Client Key Generation Follow similar steps to generate private key and self signed certificate for client

generate Client Key:

`openssl ecparam -out clientKey.pem -name prime256v1 -genkey`

generate the self-signed certificate for client:

`openssl req -new -x509 -key clientKey.pem  -out clientCert.pem -days 365`

pkcs12 - to browser

`openssl pkcs12 -export -out clientKeystore.pkcs12 -in clientCert.pem -inkey clientKey.pem`

Import this clientkeystore.pkcs12 file into firefox browser. Get client keystore file.

keytool -import -alias mockdis -keystore clientTrustore.jks -file clientCert.pem

Tomcat configuration :

<Connector port="8443" protocol="HTTP/1.1"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS" keyAlias="1" keystoreFile="D:\OpenSSL-Win32\bin\ServerKeystore.jks"
                keystorePass="changeit" truststoreFile="D:\OpenSSL-Win32\bin\clientTrustore.jks"
                truststorePass="changeit" />