hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesus M. Salvo Jr." <jesus.sa...@migasia.com>
Subject Re: client certs - how to choose which cert to use?
Date Tue, 25 May 2004 05:10:44 GMT

Tim Wild wrote:

> Thanks Jesus,
>
> I gave this a try, but I think I missed something, as it didn't work - 
> I got a SSLHandshakeException: with the message handshake_failure, 
> indicating that the client certificate hadn't been presented.


What JDK are you using ?
If you are using JDK 1.3, then you have to add 
java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol to your 
system property
Also, add javax.net.debug=all to your system property so that at least 
you can see what's happening.

>
> I provided those parameters to the JVM and used the HttpClient as 
> usual, simply specifying an https server. I also tried specifying the 
> SSLProtocolSocketFactory. Do I still need to use a 
> SecureProtocolSocketFactory, or should the default one work? If the 
> default one should work, could you think what I might have missed?
>
> Thanks
>
> Tim
>
> Jesus M. Salvo Jr. wrote:
>
>>
>>
>> Tim Wild wrote:
>>
>>> Hi all,
>>>
>>> Using a link to Sun code that a few people have posted before, I 
>>> have client authentication working using HttpClient by creating my 
>>> own SecureProtocolSocketFactory.
>>>
>>> The problem i'm having is that it seems to automatically choose a 
>>> certificate without asking me which one to use. Does anyone know how 
>>> to modify the following code to retrieve a cert by name?
>>
>>
>>
>> I came across that same problem before.
>>
>> My answer is: You don't.
>> If you have multiple client certificates, what you should do is 
>> combine all of them into one keystore.
>> PKCS12 only allows you to have one, so you have to put all your 
>> PKCS12 certificates into a JKS keystore.
>>
>> And then, you dont have to do the code that you showed earlier.
>> All you have to do is specify your JKS keystore filename via the 
>> system property java.net.ssl.keyStore
>> and the passphrase for the keystore via java.net.ssl.keyStorePassword
>> and then specify that JKS for the property java.net.ssl.keyStoreType
>>
>>> Even a way to work out which client cert is loaded would be great.
>>>
>>> Thanks
>>>
>>> Tim
>>>




---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message