[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] Client authentication again/how to insert client certificate in ssl3.keystore



Hello,

ssl3.keystore is only used for the demo. For that purpose you only may
uncomment line

DemoUtil.setClientCertificates(context);

for setting certificates.

However, if you write your own client (or server) you may get your
keys/certificates from any source (your own keystore, cert files,
PKCS#12,...). Use proper addCredentials methods for adding your own
keys/certificates allowing you to authenticate against the peer. Use
addTrustedCertificate (or immediately access or write a ChainVerifier) for
deciding whom you want to trust. Please refer to
http://jcewww.iaik.at/iSaSiLk/doc/certs.htm for a description on iSaSilk´s
certificate handling mechanisms.

Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von Steinar
Gesendet: Samstag, 17. Februar 2001 23:20
An: iaik-jce@iaik.tu-graz.ac.at
Betreff: [iaik-jce] Client authentication again/how to insert client
certificate in ssl3.keystore


Hello,

I am running the demo.basic.SSLClient localhost:4433 againt the demo
server.
I have compiled a local version of the SSLServer where I do not allow
clients without
certificates. The SSLServer.java was changed by the comment of the
second line below.

    // accept clients without certificate as well
//    serverContext.addTrustedCertificate(null);

After funning demo.basic.SSLClient, the server output window was:
ssl_debug(1): ChainVerifier: Empty peer certificate chain, NOT OK

The client output window:

ssl_debug(1): Received alert message: Alert Fatal: bad certificate
ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert
Fatal: bad
certificate

This is as expected.
However, how can I insert a valid client certifiace in the ssl3.keystore
so the client can be
authenticated by the server?

Thanks for any help. It have performed a *lot* of tests and trials, but
I can't
continue like this anymore. I need to ask for professionals advise.

With regards Steinar Orset

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce




smime.p7s