Categories:
Audio (13)
Biotech (29)
Bytecode (36)
Database (77)
Framework (7)
Game (7)
General (507)
Graphics (53)
I/O (35)
IDE (2)
JAR Tools (102)
JavaBeans (21)
JDBC (121)
JDK (426)
JSP (20)
Logging (108)
Mail (58)
Messaging (8)
Network (84)
PDF (97)
Report (7)
Scripting (84)
Security (32)
Server (121)
Servlet (26)
SOAP (24)
Testing (54)
Web (15)
XML (322)
Collections:
Other Resources:
Key Manager Not Sending Client Certificate
Why the Key Manager is not sending the client certificate to the SSL server? I have provided a keystore file with the client certificate inside.
✍: FYIcenter
JSSE documentation does not provide any details on how the Key Manager
selects a certificate and sends it the SSL server.
But rxg provided a good explanation on the how the Key Manager works
in this stackoverflow article:
How is the SSL client certificate chosen when there are multiple matching certificates.
Basically, the Key Manager selects the first certificate that meets requirements given by the SSL server as described below:
Of course, if the list of available client certificates is empty, no certificate will be sent to the SSL server. In this case, the server will get the "SSLHandshakeException: null cert chain" exception.
You can play with SslServerCmd.java and SslClientCertificateCmd.java given in previous tutorials to see the ValidatorException error:
1. Open a command window and run SslServerCmd.java on your local host:
\fyicenter>\local\jdk-1.8.0\bin\java SslServerCmd SslServerCmd 8080 Yes USAGE: java SslServerCmd [port [clientAuth]] Listening: port=8080, clientAuth=No
2. Open another command window and run SslClientCmd.java on your local host:
\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=server_crt.jks SslClientCertificateCmd localhost 8080 /index.html Exception in thread "main" java.net.SocketException: Software caused connectionabort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ...
3. Look at the SslServerCmd.java execution window, you will see the following error:
USAGE: java SslServerCmd [port [clientAuth]] Listening: port=8080, clientAuth=Yes Exception in thread "main" javax.net.ssl.SSLHandshakeException: null cert chain at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) ...
In this case, the client certificate in client.jks file is removed from the available client certificate list, because it is self-signed certificate and not signed by any default Certificate Authorities.
⇒ Make Client Certificate Trusted by SSL Server
⇐ Client Certificate Authentication Example
2018-06-12, 1906🔥, 0💬
Popular Posts:
How to download and install JDK (Java Development Kit) 1.3? If you want to write Java applications, ...
How to perform XML Schema validation with sax\Writer.java provided in the Apache Xerces package? You...
What JAR files are required to run sax\Writer.java provided in the Apache Xerces package? 1 JAR file...
If you are a Java developer, it is very often that you need to use some 3rd party libraries to perfo...
JDK 11 java.sql.jmod is the JMOD file for JDK 11 SQL (Structured Query Language) module. JDK 11 SQL ...