Client Certificate Authentication Example

Q

How to write a SSL client program that use a client certificate? The SSL is asking for client certificate authentication.

✍: FYIcenter

A

When an SSL server program is asking for client certificate authentication, it is usually coded as the following:

      serverSocket.setNeedClientAuth(true);

In the SSL client program, you need to follow these steps to provide the client certificate:

1. Load the keystore file that contains the client certificate. Remember to specify the keystore password as shown below:

      ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream("client.jks"), "fyicenter".toCharArray());

2. Create an KeyManagerFactory instance and initialize it with the keystore.

      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, "fyicenter".toCharArray());

3. Create an SSLContext instance and initialize it with Key Managers:

      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(kmf.getKeyManagers(), null, null);

4. Create an SSLServerSocket instance and set it to listen mode to accept incoming client requests:

      SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
      SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket(port);
      SSLSocket socket = (SSLSocket) ss.accept();

Here is the entire sample program code that takes a client certificate key store file and communicates to a SSL server that asks for client certificate:

// Copyright (c) FYIcenter.com
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.KeyStore;

public class SslClientCertificateCmd {
   public static void main(String[] args) throws Exception {
      String host = "www.oracle.com";
      int port = 443;
      String url = "http://www.oracle.com/index.html";
      if (args.length < 3) {
          System.out.println("USAGE: java SslClientCmd host port url");
          System.exit(-1);
      }
      host = args[0];
      port = Integer.parseInt(args[1]);
      url = args[2];

      KeyStore ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream("client.jks"), "fyicenter".toCharArray());
      System.out.println(ks.getCertificate("client"));
    
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, "fyicenter".toCharArray());

      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(kmf.getKeyManagers(), null, null);
    
    SSLSocketFactory factory = factory = ctx.getSocketFactory();
    SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
    socket.startHandshake();

      PrintWriter out = new PrintWriter(new BufferedWriter(
         new OutputStreamWriter(socket.getOutputStream())));
      out.println("GET "+url+" HTTP/1.1");
      out.println();
      out.flush();

      BufferedReader in = new BufferedReader(new InputStreamReader(
         socket.getInputStream()));
      String line = in.readLine();
      while (line.length()>0) {
         System.out.println(line);
         line = in.readLine();
      }

      in.close();
      out.close();
      socket.close();
   }
}

d

⇒ Key Manager Not Sending Client Certificate

⇐ Create SSL Client Certificate with "keytool"

⇑ Examples for jsse.jar - Java Secure Socket Extension

⇑⇑ FAQ for jsse.jar - Java Secure Socket Extension

2018-06-12, 1339🔥, 0💬

💬 2021-09-18 LinRuiIXIN: hello world

SSL Handshake Messages with Client Authentication
How to get SSL Handshake Messages that use client Authentication? You can get SSL Handshake Messages that use client Authentication as shown below: 1. Open command window and run SslServerCmd.java with client certificate authentication turned on: \fyicenter>\local\jdk-1 .8.0\bin\java-Djavax.n... 2018-06-12, 2270🔥, 0💬

SslServerCmd.java - SSL Server Command Example
How to create an SSL server program to run like a command? In order to create an SSL server program, you need to do the following: 1. Load the keystore file that contains the server certificate. Remember to specify the keystore password as shown below: KeyStore ks = KeyStore.getInstance("JKS"); ks.l... 2018-06-27, 2190🔥, 0💬

Key Manager Not Sending Client Certificate
Why the Key Manager is not sending the client certificate to the SSL server? I have provided a keystore file with the client certificate inside. JSSE documentation does not provide any details on how the Key Manager selects a certificate and sends it the SSL server. But rxg provided a good explanati... 2018-06-12, 1603🔥, 0💬

What Is Client Certificate Authentication
What Is Client Certificate Authentication? Client Certificate Authentication is an extra layer of security protection added to the normal SSL socket communication. In a normal SSL socket communication: The client is asking for the server to show server certificate. The client validates the server ce... 2018-06-27, 1510🔥, 0💬

Make SSL Server Certificate Trusted
How to make a SSL self-signed server certificate trusted? I want the ValidatorException going away. There are several options to make a self-signed server certificate trusted: Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you. Add your self-signed... 2018-06-27, 1453🔥, 0💬

Create SSL Client Certificate with "keytool"
How to create an SSL Client Certificate with JDK "keytool"? I want to run a SSL socket client program that requires client authentication. "keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign client certificates that you can u... 2018-06-12, 1406🔥, 0💬

Connect to SSL Server Failed with Invalid Certificate
Why am I getting the ValidatorException error when connecting to an SSL server? You are getting a ValidatorException error when connecting to an SSL server, because the server certificate can not be trusted for one of the following possible reasons: The root CA of the server certificate is unknown. ... 2018-06-27, 1349🔥, 0💬

Client Certificate Authentication Example
How to write a SSL client program that use a client certificate? The SSL is asking for client certificate authentication. When an SSL server program is asking for client certificate authentication, it is usually coded as the following: serverSocket.setNeedClientAuth (true);In the SSL client program,... 2018-06-12, 1340🔥, 0💬

Make Client Certificate Trusted by SSL Server
How to make a self-signed client certificate trusted by the SSL server? I want to help Key Manager to send out the client certificate and accepted by the SSL server. There are several options to make a self-signed certificate trusted by the SSL Server: Send your self-signed certificate to a trusted ... 2018-06-12, 1300🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. FYIcenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.