Categories:
Audio (13)
Biotech (29)
Bytecode (36)
Database (77)
Framework (7)
Game (7)
General (507)
Graphics (53)
I/O (35)
IDE (2)
JAR Tools (101)
JavaBeans (21)
JDBC (121)
JDK (426)
JSP (20)
Logging (108)
Mail (58)
Messaging (8)
Network (84)
PDF (97)
Report (7)
Scripting (84)
Security (32)
Server (121)
Servlet (26)
SOAP (24)
Testing (54)
Web (15)
XML (309)
Collections:
Other Resources:
Make Client Certificate Trusted by SSL Server
How to make a self-signed client certificate trusted by the SSL server? I want to help Key Manager to send out the client certificate and accepted by the SSL server.
✍: FYIcenter
There are several options to make a self-signed certificate trusted by the SSL Server:
Below is a demonstration of the last option:
1. Save the client certificate in a keystore file for the server program to use:
\fyicenter>\local\jdk-1.8.0\bin\keytool -importcert -file client.crt -alias client -keystore client_crt.jks Enter keystore password: fyicenter Re-enter new password: fyicenter Owner: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Issuer: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Serial number: 12414e2f Valid from: Sun Jun 25 11:29:50 until: Sat Sep 23 11:29:50 Certificate fingerprints: MD5: C3:C7:4D:06:F5:62:91:3D:C3:25:93:2C:01:BE:EF:B5 SHA1: FF:08:6F:E1:80:C2:72:8D:81:58:21:AF:31:C2:02:AA:CB:02:A8:5E SHA256: 1B:ED:2E:B5:88:0C:8E:B6:A3:29:04:9D:15:B6:B2:C6:5A:14:AF:38:0C:... Signature algorithm name: SHA1withDSA Version: 3 ... Trust this certificate? [no]: yes Certificate was added to keystore
2. Open command window and run SslServerCmd.java with javax.net.ssl.trustStore system property set to client_crt.jks on your local host:
\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=client_crt.jks SslServerCmd 8080 Yes USAGE: java SslServerCmd [port [clientAuth]] Listening: port=8080, clientAuth=Yes
3. Open another command window and run SslServerCmd.java on your local host:
\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=server_crt.jks SslClientCertificateCmd localhost 8080 /index.html HTTP/1.0 200 OK Content-Type: text/html Content-Length: 40
No more SSL errors. The client program successfully communicated with the server with all messages encrypted. And both the server and client are authenticated by their own certificates.
⇒ SSL Handshake Messages with Client Authentication
⇐ Key Manager Not Sending Client Certificate
2018-06-12, 1430🔥, 0💬
Popular Posts:
What Is junit-3.8.1.jar? junit-3.8.1.jar is the version 3.8.1 of JUnit JAR library file. JUnit is a ...
What Is junit-3.8.1.jar? junit-3.8.1.jar is the version 3.8.1 of JUnit JAR library file. JUnit is a ...
What Is HttpComponents httpclient-4.2.2.jar? HttpComponents httpclient-4.2.2.jar is the JAR file for...
maven-compat-3.8.6.jar is the JAR file for Apache Maven 3.8.6 Compact module. The JAR file name may ...
What Is mail.jar of JavaMail 1.4.2? I got the JAR file from javamail-1.4.2.zip. mail.jar in javamail...