I set up a PKCS12 store, got it running and it worked fine when browsing with Netscape (Lin & Win) and Konqueror and OpenSSL command-line, but IE would report that it could not find the server. I enabled TLS in IE internet options and tried sslProtocol="SSL" but I could not get it to work.

About my IE: Version 6.0 w/all the fixes on Win2K SP4
About my P12: Created with OpenSSL 0.9.7d. Had a hostname cert and root cert chained.
Tomcat: 5.0.19 with SDK 1.4.2_04
OS: Linux 2.4.21 Mandrake

This is what the coyote portion of my server.xml section looked like:

<Connector port="443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="SSL"
           keystoreFile="/usr/local/tomcat/conf/ssl/louisbourg.p12"
           keystoreType="PKCS12"
           keystorePass="changeit" />

I use this type of configuration regularly without problems. Also the fact that only one client seems to have problems shows that it is unlikely to be a Tomcat problem. You might try setting CATALINA_OPTS='-Djavax.net.debug=all' to help investigate why the handshake is failing. You might also want to ask on tomcat-user@jakarta.apache.org for more ideas.