db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Hill <Thomas.K.H...@t-online.de>
Subject SSL peerAuthentication
Date Wed, 09 Jan 2013 19:40:26 GMT
currently trying to switch from basic authentication to peer Authentication, but
having trouble with understanding serverTrustStore content.

Have gone through the following scenarios:
1) in my current set-up I am starting the network server and the client(s) with
basic authentication - this works fine
2) left the server starting with requesting basic authentication, but changed my
client to request peerAuthentication - this works fine (so the additional
clientTrustStore file is set-up correctly)
3) changed set-up so both server and clients request peer Authentication
a) when importing just the trusted client certificate into the serverTrustStore
I am getting a communication error - my assumption was this import is all needed
for this file
b) when importing the key pair of the client certificate into the
serverTrustStore I am getting a communications error as well
c) when importing two trusted certificates (not key pairs) into the
serverTrustStore, i.e. the trusted client certificate and the certificate of the
signing CA no error is thrown and I can access data, BUT this is true not only
when using the trusted certificate imported into the truststore, but
surprisingly also for other certificates signed by this CA. 
-> So how do I need to do the set-up so that peerAuthentication is activated and
restricts data access only to those client certificates that I have imported
into the truststore?


View raw message