[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl]cu|| Why no client side certificate is available?



Hello,

> I positively added a Class 3 Verisgin certificate to the client side
context.
Does client cert you have added via addClientCredentials belong to a chain
that leads to any of the CAs accepted by the server?:

CN=VeriSign Class 3 Public Primary Certification Authority - G3,
OU=(c) 1999 VeriSign, Inc. - For authorized use only,
OU=VeriSign Trust Network,
O=VeriSign, Inc.,
C=US

OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use
only,
OU=Class 3 Public Primary Certification Authority - G2,
O=VeriSign, Inc.,
C=US

OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,
C=US

Regards,
Dieter Bratko

-----Ursprungliche Nachricht-----
Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
von Lei Gu
Gesendet: Dienstag, 19. Marz 2002 03:44
An: iaik-ssl@iaik.at
Betreff: [iaik-ssl]cu|| Why no client side certificate is available?


Hello,
I ran into a problem when I turn out client side certificate authentication
using HTTPS.
I add the client side certificate and private key to SSLClientContext but
the debug message
saying "no certificate was sent".
I know this question has been posted a few times and no one has given an
answer.

Please help.
Thanks.

Below is the output of the debug info:
--------------------------
sl_debug(1): Starting handshake (iSaSiLk 3.03)...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session 48:71:3E:2A:26:D8:FA:75...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server
certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(1): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Accepted certificate types: RSA, DSA
ssl_debug(1): Accepted certificate authorities:
ssl_debug(1):   CN=VeriSign Class 3 Public Primary Certification Authority
- G3,
OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust
Network,O
=VeriSign, Inc.,C=US
ssl_debug(1):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For
autho
rized use only,OU=Class 3 Public Primary Certification Authority -
G2,O=VeriSign
, Inc.,C=US
ssl_debug(1):   OU=Class 3 Public Primary Certification
Authority,O=VeriSign, In
c.,C=US
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): No client certificate available, sending empty certificate
message
...
ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(1): Sending change_cipher_spec message...
ssl_debug(1): Sending finished message...
ssl_debug(1): Received change_cipher_spec message.
ssl_debug(1): Received finished message.
ssl_debug(1): Session added to session cache.
ssl_debug(1): Handshake completed, statistics:
ssl_debug(1): Read 2281 bytes in 3 records, wrote 281 bytes in 4 records.
F
Time: 11.266

FAILURES!!!
============

I positively added a Class 3 Verisgin certificate to the client side
context.

Thanks again.


=====================
Lei Gu @ 4055
lgu@lightbridge.com
=====================

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl