JAR Tools (101)
Make Client Certificate Trusted by SSL Server
How to make a self-signed client certificate trusted by the SSL server? I want to help Key Manager to send out the client certificate and accepted by the SSL server.
There are several options to make a self-signed certificate trusted by the SSL Server:
Below is a demonstration of the last option:
1. Save the client certificate in a keystore file for the server program to use:
\fyicenter>\local\jdk-1.8.0\bin\keytool -importcert -file client.crt -alias client -keystore client_crt.jks Enter keystore password: fyicenter Re-enter new password: fyicenter Owner: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Issuer: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Serial number: 12414e2f Valid from: Sun Jun 25 11:29:50 until: Sat Sep 23 11:29:50 Certificate fingerprints: MD5: C3:C7:4D:06:F5:62:91:3D:C3:25:93:2C:01:BE:EF:B5 SHA1: FF:08:6F:E1:80:C2:72:8D:81:58:21:AF:31:C2:02:AA:CB:02:A8:5E SHA256: 1B:ED:2E:B5:88:0C:8E:B6:A3:29:04:9D:15:B6:B2:C6:5A:14:AF:38:0C:... Signature algorithm name: SHA1withDSA Version: 3 ... Trust this certificate? [no]: yes Certificate was added to keystore
2. Open command window and run SslServerCmd.java with javax.net.ssl.trustStore system property set to client_crt.jks on your local host:
\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=client_crt.jks SslServerCmd 8080 Yes USAGE: java SslServerCmd [port [clientAuth]] Listening: port=8080, clientAuth=Yes
3. Open another command window and run SslServerCmd.java on your local host:
\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=server_crt.jks SslClientCertificateCmd localhost 8080 /index.html HTTP/1.0 200 OK Content-Type: text/html Content-Length: 40
No more SSL errors. The client program successfully communicated with the server with all messages encrypted. And both the server and client are authenticated by their own certificates.
⇒ SSL Handshake Messages with Client Authentication
⇐ Key Manager Not Sending Client Certificate
⇑ Examples for jsse.jar - Java Secure Socket Extension
2018-06-12, 1147🔥, 0💬
JLayer is a library that decodes/plays/converts MPEG 1/2/2.5 Layer 1/2/3 (i.e. MP3) in real time for...
What Is javamail-1_2.zip? javamail-1_2.zip is the binary package of JavaMail API 1.2 in ZIP format. ...
What Is commons-lang3-3.1.jar? commons-lang3-3.1.jar is the JAR file for Apache Commons Lang 3.1, wh...
JDK 8 jconsole.jar is the JAR file for JDK 8 JConsole, which is a graphical monitoring tool to monit...
JRE 5 sunjce_provider.jar is the JAR file for JRE 5 Sun JCE Provider, which provides implementations...