Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual page 81

failure (14290): Error receiving connection
SEC_ERROR_INADEQUATE_CERT_TYPE - Certificate type not approved for application.)
2. Stop the subsystem.
/etc/init.d/instance_ID stop
3. Open the instance configuration directory, /var/lib/instance_ID/conf.
4. Open the file CS.cfg.
5. Change the value of the authType parameter from pwd to sslclientauth:
authType=sslclientauth
6. Save the file.
7. Open the server.xml file.
8. Change the clientAuth="false" attribute to clientAuth="true" in the SSL Connector
section:
<Connector port="9443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="SSL"
.....
serverCertFile="/var/lib/rhpki-ca/conf/serverCertNick.conf"
passwordFile="/var/lib/rhpki-ca/conf/password.conf"
passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
certdbDir="/var/lib/rhpki-ca/alias"/>
9. Start the subsystem.
/etc/init.d/instance_ID start
After setting up the server, then configure the client to use SSL client authentication.
The Console must have access to the administrator certificate and keys used for SSL client
authentication to the server. The Console's default certificate and key databases are stored in the
.mcc directory.
To provide access to the administrator certificate and keys, either export them from the administrator's
browser into a .p12 file and then import it by using pk12util, or copy the browser's certificate and
key databases into the .mcc directory. (This procedure assumes that the certificates are exported
from the browser into a .p12 file.)
1. Export the certificate and keys into a file, such as admin.p12.
2. Open the .mcc directory, and run pk12util to export the certificates.
pk12util -i admin.p12 -d . -W [p12filepassword]
Enabling SSL Client Authentication for the Certificate System Console
61