
[iaik-ssl]cu|| PKCS12 client certificate



I am facing a vexing problem in presenting a PKCS12 certificate
(exported through the Netscape browser) to the SSLServer sample through
a Java client application. Though the request is successful when the
certificate is presented from a browser, the server throws a 'bad
certificate' error when the certificate is presented through the client
application, and the handshake fails. I also noticed that the bit-size
of the certificate when presented through the two media (browser and
client application) is different. The code sample is:

    // fis, password, cv, con and httpMethod are defined elsewhere in the client.

    // Load and decrypt the PKCS#12 file exported from the browser.
    PKCS12 pk = new PKCS12(fis);
    pk.decrypt(password);

    // Debug output (note: this prints the private key).
    System.out.println(pk.getKeyBag().getPrivateKey());
    PrivateKey private_key = pk.getKeyBag().getPrivateKey();
    System.out.println(pk);

    iaik.pkcs.pkcs12.CertificateBag[] bg = pk.getCertificateBags();
    System.out.println("------------");
    System.out.println(bg[0]);
    System.out.println("---------------" + bg.length);
    System.out.println(bg[0].getCertificate());

    // First bag only (this array is not used below).
    X509Certificate[] ctf = new X509Certificate[1];
    ctf[0] = (X509Certificate) bg[0].getCertificate();

    // All certificates, in the order the bags are stored in the file.
    CertificateBag[] cb;
    cb = pk.getCertificateBags();
    X509Certificate[] cert;
    cert = CertificateBag.getCertificates(cb);

    // Register the chain and key as client credentials for the handshake.
    SSLClientContext contxt = new SSLClientContext();
    contxt.setChainVerifier(cv);
    contxt.addClientCredentials(cert, private_key);

    ((HttpsURLConnection) con).setSSLContext(contxt);
    con.setRequestMethod(httpMethod);
    con.setDoOutput(true);
    con.setDoInput(true);

The error footprint on the server is:

ssl_debug(1): Sending server_hello handshake message.
ssl_debug(1): Selecting CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): Selecting CompressionMethod: NULL
ssl_debug(1): Sending certificate handshake message with server certificate...
ssl_debug(1): Sending certificate_request handshake message...
ssl_debug(1): Sending server_hello_done handshake message...
ssl_debug(1): Received certificate handshake message with client certificate.
ssl_debug(1): Client sent a 512 bit RSA certificate, chain has 2 elements.
ssl_debug(1): Received client_key_exchange handshake message.
ssl_debug(1): Received certificate_verify handshake message.
ssl_debug(1): Sending alert: Alert Fatal: bad certificate
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): SSLException while handshaking: Certificate verify message signature error!
An exception occured:
iaik.security.ssl.SSLException: Certificate verify message signature error!
        at iaik.security.ssl.f.c(Unknown Source)
        at iaik.security.ssl.f.a(Unknown Source)
        at iaik.security.ssl.r.d(Unknown Source)
        at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
        at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
        at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
        at demo.basic.SSLServer.main0(SSLServer.java:99)
        at demo.basic.SSLServer.main(SSLServer.java:149)

 
Can anyone suggest a solution? Thanks a lot in advance.

Ranadhir Nag
Wipro Technologies,
Electronic City,Bangalore
# 8520408 -5366
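
A check worth running on the certificate array before it is registered as client credentials, as an added example that is not part of the original post or of the IAIK library: the server verifies the certificate_verify signature against the public key of the first certificate in the client chain, so index 0 must be the certificate that belongs to the private key. It uses only standard JCA types; the class name `LeafFirstChain`, its method names, and the premise that the bags in the file are stored CA-first are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.util.*;

// Added example (standard JCA only, hypothetical class name), not IAIK code.
public class LeafFirstChain {
    // RSA only: the two halves of a key pair share one modulus.
    static boolean matches(PrivateKey key, X509Certificate cert) {
        return key instanceof RSAKey && cert.getPublicKey() instanceof RSAKey
            && ((RSAKey) key).getModulus().equals(((RSAKey) cert.getPublicKey()).getModulus());
    }
    // Puts the certificate belonging to 'key' at index 0, followed by each issuer in turn.
    static List<X509Certificate> orderLeafFirst(PrivateKey key, List<X509Certificate> bag) {
        List<X509Certificate> rest = new ArrayList<>(bag), chain = new ArrayList<>();
        X509Certificate cur = null;
        for (X509Certificate c : rest) if (matches(key, c)) cur = c;
        if (cur == null) throw new IllegalArgumentException("no certificate matches the private key");
        while (cur != null) {
            chain.add(cur);
            rest.remove(cur);
            X509Certificate next = null;
            for (X509Certificate c : rest) {
                if (!c.getSubjectX500Principal().equals(cur.getIssuerX500Principal())) continue;
                try { cur.verify(c.getPublicKey()); next = c; break; }
                catch (Exception e) { /* same name but different key: not the issuer */ }
            }
            cur = next;
        }
        return chain;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            PrivateKey key = (PrivateKey) ks.getKey(alias, pw);
            List<X509Certificate> bag = new ArrayList<>();
            for (Certificate c : ks.getCertificateChain(alias)) bag.add((X509Certificate) c);
            Collections.reverse(bag); // constructed worst case: bags stored CA-first
            System.out.println("index 0 matches key before ordering: " + matches(key, bag.get(0)));
            for (X509Certificate c : orderLeafFirst(key, bag)) System.out.println(c.getSubjectX500Principal());
        }
    }
}
```

Run it as `java LeafFirstChain client.p12 password`, where the file name is a placeholder; if index 0 does not match the key, the server checks the signature against the wrong public key and rejects it.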

