db-derby-user mailing list archives

From Dag Wanvik <dag.wan...@oracle.com>
Subject Re: SSL peerAuthentication
Date Thu, 10 Jan 2013 03:15:44 GMT
Did you check the docs at
http://db.apache.org/derby/docs/10.9/adminguide/cadminssl.html ?


On 10.01.2013 05:40, Thomas Hill wrote:
> Hi,
> currently trying to switch from basic authentication to peer Authentication, but
> having trouble with understanding serverTrustStore content.
> Have gone through the following scenarios:
> 1) in my current set-up I am starting the network server and the client(s) with
> basic authentication - this works fine
> 2) left the server starting with requesting basic authentication, but changed my
> client to request peerAuthentication - this works fine (so the additional
> clientTrustStore file is set-up correctly)
> 3) changed set-up so both server and clients request peer Authentication
> a) when importing just the trusted client certificate into the serverTrustStore
> I am getting a communication error - my assumption was that this import is all
> that is needed for this file
> b) when importing the key pair of the client certificate into the
> serverTrustStore I am getting a communications error as well
> c) when importing two trusted certificates (not key pairs) into the
> serverTrustStore, i.e. the trusted client certificate and the certificate of the
> signing CA no error is thrown and I can access data, BUT this is true not only
> when using the trusted certificate imported into the truststore, but
> surprisingly also for other certificates signed by this CA. 
> -> So how do I need to do the set-up so that peerAuthentication is activated and
> restricts data access only to those client certificates that I have imported
> into the truststore?
> Thanks 
