Mailing Lists: Apple Mailing Lists


Re: Keytool, openssl, SSLServerSocket, Client Certificate Authentication



That was it. Without a trust manager set, the browser does not present a cert. Things work fine now.

Thanks,
Ben

On Sep 2, 2008, at 11:54 AM, Bruno Harbulot wrote:



Ben Spink wrote:

I want to force a web browser to present its certificate, and if I trust it via my keystore, then the connection can proceed to a user/pass authentication.
My issue is that this is failing at the cert the browser is presenting... either none, or not a valid one. It seems from your comments I am doing this correctly using the null TrustManagers. I don't want any connection to be accepted unless it's a trusted cert, one that I gave them.

I'm still not clear where you set up your trust store. The code fragment you sent only configured the key store. Do you use the "javax.net.ssl.trustStore" system property in conjunction with your 'null' TrustManager?



My *guess* on this issue is that the browser is either not sending the cert since the server cert presented is untrusted, or because some other key field in the server cert is making the browser not bother sending the cert.

I've done this sort of thing successfully using Firefox 3 with servers for which I had added a temporary exception. It should not be a problem.


Best wishes,

Bruno.
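
The fix reported at the top of this message, written out as an added example (not code posted by either participant): an `SSLServerSocket` that demands a client certificate and validates it against an explicit trust store instead of passing null trust managers, which makes JSSE fall back to the JVM default trust store. The file names, password and port are placeholders.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ClientAuthServer {
    // Load a keystore from disk; path and password are supplied by the caller.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray();                     // placeholder password
        KeyStore keyStore = load("server-keystore.jks", pass);      // placeholder: server key and cert
        KeyStore trustStore = load("client-truststore.jks", pass);  // placeholder: certs/CAs handed to clients

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pass);

        // Explicit trust managers: only client certs chaining to this store pass validation.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Check: these trust anchors are the issuers the server names in its certificate
        // request; a browser with no cert from one of them typically sends none.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("Trust anchor: " + ca.getSubjectX500Principal());
                }
            }
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // handshake fails without a trusted client cert
            try (SSLSocket client = (SSLSocket) server.accept()) {
                client.startHandshake();    // throws SSLHandshakeException on an untrusted or missing cert
                System.out.println("Authenticated client: " + client.getSession().getPeerPrincipal());
            }
        }
    }
}
```

The user/pass step mentioned in the thread would run only after `startHandshake()` returns, since at that point the client certificate has already been validated against the trust store.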

Java-dev mailing list (email@hidden)


