
[iaik-ssl] Bad client certificate.



Hi, I am trying to talk to a server which asks for my client certificate.  If I use IE and my certificate to go to the site it works.  If I use my Java program it doesn't.  The server contains this message in its log.
 
[25/May/2000:09:37:47] failure: Error receiving connection (SSL_ERROR_BAD_CERT_ALERT - the server cannot verify your certificate.)

I am passing the same certificate that I use with IE.  It is a 60 day trial from VeriSign.  I am using the HttpsDemo code from the isasilk30 distribution but have modified it in 2 ways.
 
    1) I added code to read the certificate from a PKCS12 file.
    2) I call addClientCredentials, passing the cert and private key.
 
Following is the relevant modified code that I use to do it.  The System.outs confirm that the cert is loaded correctly and that the certificate contains the information that I think it should.
 
    At the bottom I also call HttpsURLConnection.setDefaultSSLContext(context); as another precaution to make sure it's using my context.  I also set the context for the socket explicitly later.
 
    I did notice that in the file certificates.html documentation it refers to calling addCredentials.  That method doesn't exist but addClientCredentials does.
 
    Can anyone point out the obvious, if there is one. 
 
Thanks,
Jason Harris.

try {
    // Open the PKCS#12 file and decrypt it with its password
    FileInputStream fis = new FileInputStream("mvsr.pfx");
    DataInputStream dis = new DataInputStream(fis);
    PKCS12 pk = new PKCS12(fis);
    char[] password = "sailsail".toCharArray();
    pk.decrypt(password);

    // Private key from the key bag
    System.out.println(pk.getKeyBag().getPrivateKey());
    PrivateKey private_key = pk.getKeyBag().getPrivateKey();
    System.out.println(pk);

    // Certificate bags; dump the first one and the number of bags
    iaik.pkcs.pkcs12.CertificateBag[] bg = pk.getCertificateBags();
    System.out.println("------------");
    System.out.println(bg[0]);
    System.out.println("---------------" + bg.length);
    System.out.println(bg[0].getCertificate());

    // Only the certificate from the first bag is passed as the client chain
    X509Certificate[] ctf = new X509Certificate[1];
    ctf[0] = (X509Certificate) bg[0].getCertificate();
    ((SSLClientContext) context).addClientCredentials(ctf, private_key);
} catch (Exception e) {
    e.printStackTrace();
}

HttpsURLConnection.setDefaultSSLContext(context);
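
Added example (not part of the original post and not IAIK code): a diagnostic that loads a PKCS#12 file with the standard JDK KeyStore API and checks the things a server depends on when it verifies a client certificate: that the private key belongs to the first certificate, that each certificate is inside its validity period, and that each one is signed by the next in the chain. The class name CheckP12 is hypothetical; the file path and password are passed as arguments.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name); standard JDK APIs only, no IAIK classes.
public class CheckP12 {
    // True if a signature made with 'key' verifies under the certificate's public key.
    static boolean isPair(PrivateKey key, Certificate cert) {
        try {
            String a = key.getAlgorithm();
            Signature s = Signature.getInstance("SHA256with" + ("EC".equals(a) ? "ECDSA" : a));
            s.initSign(key);
            s.update((byte) 1);                       // one probe byte is enough
            byte[] sig = s.sign();
            s.initVerify(cert.getPublicKey());
            s.update((byte) 1);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // wrong key type or unusable key counts as a mismatch
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = args[1].toCharArray();            // args: <file.pfx> <password>
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) { System.out.println(alias + ": no certificate for key"); continue; }
            PrivateKey key = (PrivateKey) ks.getKey(alias, pw);
            System.out.println(alias + ": key matches chain[0] = " + isPair(key, chain[0]));
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                System.out.println(" [" + i + "] subject=" + c.getSubjectX500Principal() + " issuer=" + c.getIssuerX500Principal());
                try {
                    c.checkValidity();                // inside notBefore/notAfter?
                    if (i + 1 < chain.length) c.verify(chain[i + 1].getPublicKey()); // signed by next?
                } catch (GeneralSecurityException e) {
                    System.out.println("     PROBLEM: " + e);
                }
            }
        }
    }
}
```

A chain of length 1 means the file supplies no issuer certificates for that key, so the server must already hold every CA certificate needed to validate the leaf.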