Make Client Certificate Trusted by SSL Server

Q

How to make a self-signed client certificate trusted by the SSL server? I want to help Key Manager to send out the client certificate and accepted by the SSL server.

✍: FYIcenter

A

There are several options to make a self-signed certificate trusted by the SSL Server:

Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you.
Add your self-signed certificate to the default trust root CA keystore file in \local\jdk-1.8.0\jre\lib\security\cacerts, before running the server program.
Add your self-signed certificate to the JVM property: javax.net.ssl.trustStore, when running the server program.

Below is a demonstration of the last option:

1. Save the client certificate in a keystore file for the server program to use:

\fyicenter>\local\jdk-1.8.0\bin\keytool 
   -importcert -file client.crt -alias client -keystore client_crt.jks

Enter keystore password: fyicenter
Re-enter new password: fyicenter
Owner: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Issuer: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Serial number: 12414e2f
Valid from: Sun Jun 25 11:29:50 until: Sat Sep 23 11:29:50
Certificate fingerprints:
         MD5:  C3:C7:4D:06:F5:62:91:3D:C3:25:93:2C:01:BE:EF:B5
         SHA1: FF:08:6F:E1:80:C2:72:8D:81:58:21:AF:31:C2:02:AA:CB:02:A8:5E
         SHA256: 1B:ED:2E:B5:88:0C:8E:B6:A3:29:04:9D:15:B6:B2:C6:5A:14:AF:38:0C:...
         Signature algorithm name: SHA1withDSA
         Version: 3
...
Trust this certificate? [no]: yes
Certificate was added to keystore

2. Open command window and run SslServerCmd.java with javax.net.ssl.trustStore system property set to client_crt.jks on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java
   -Djavax.net.ssl.trustStore=client_crt.jks SslServerCmd 8080 Yes

USAGE: java SslServerCmd [port [clientAuth]]
Listening: port=8080, clientAuth=Yes

3. Open another command window and run SslServerCmd.java on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java 
   -Djavax.net.ssl.trustStore=server_crt.jks 
   SslClientCertificateCmd localhost 8080 /index.html

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 40

No more SSL errors. The client program successfully communicated with the server with all messages encrypted. And both the server and client are authenticated by their own certificates.

⇒ SSL Handshake Messages with Client Authentication

⇐ Key Manager Not Sending Client Certificate

⇑ Examples for jsse.jar - Java Secure Socket Extension

⇑⇑ FAQ for jsse.jar - Java Secure Socket Extension

2018-06-12, 1088👍, 0💬

Download JAXB 2.3 Specification and API JAR
How to download JAXB 2.3 Specification and API JAR? Java Architecture for XML Binding (JAXB) is a Java API that allows Java developers to map Java classes to XML representations. If you want to learn more details about JAXB, you can follow this tutorial to download JAXB 2.3 Specification and API JAR... 2021-09-18, 2285👍, 1💬

💬 2021-09-18 LinRuiIXIN: hello world

SSL Handshake Messages with Client Authentication
How to get SSL Handshake Messages that use client Authentication? You can get SSL Handshake Messages that use client Authentication as shown below: 1. Open command window and run SslServerCmd.java with client certificate authentication turned on: \fyicenter>\local\jdk-1 .8.0\bin\java-Djavax.n... 2018-06-12, 2067👍, 0💬

jaxb-api.jar Release Dates and Archive Site
Where to get release dates of all versions of JAXB API JAR files? You can get release dates of all versions of JAXB API JAR files from the MvnRepository.com website: Go to JAXB (JSR 222) API archive site. You see the following versions of JAXB API and their release dates: JAR File Version JDK Releas... 2018-06-06, 1609👍, 0💬

Key Manager Not Sending Client Certificate
Why the Key Manager is not sending the client certificate to the SSL server? I have provided a keystore file with the client certificate inside. JSSE documentation does not provide any details on how the Key Manager selects a certificate and sends it the SSL server. But rxg provided a good explanati... 2018-06-12, 1315👍, 0💬

What Is Client Certificate Authentication
What Is Client Certificate Authentication? Client Certificate Authentication is an extra layer of security protection added to the normal SSL socket communication. In a normal SSL socket communication: The client is asking for the server to show server certificate. The client validates the server ce... 2018-06-27, 1284👍, 0💬

Make SSL Server Certificate Trusted
How to make a SSL self-signed server certificate trusted? I want the ValidatorException going away. There are several options to make a self-signed server certificate trusted: Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you. Add your self-signed... 2018-06-27, 1278👍, 0💬

Create SSL Client Certificate with "keytool"
How to create an SSL Client Certificate with JDK "keytool"? I want to run a SSL socket client program that requires client authentication. "keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign client certificates that you can u... 2018-06-12, 1180👍, 0💬

Make Client Certificate Trusted by SSL Server
How to make a self-signed client certificate trusted by the SSL server? I want to help Key Manager to send out the client certificate and accepted by the SSL server. There are several options to make a self-signed certificate trusted by the SSL Server: Send your self-signed certificate to a trusted ... 2018-06-12, 1089👍, 0💬

Client Certificate Authentication Example
How to write a SSL client program that use a client certificate? The SSL is asking for client certificate authentication. When an SSL server program is asking for client certificate authentication, it is usually coded as the following: serverSocket.setNeedClientAuth (true);In the SSL client program,... 2018-06-12, 1056👍, 0💬

All rights in the contents of this web site are reserved by the individual author. FYIcenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.