hc-dev mailing list archives

From "Dale McIntosh" <dale...@san.rr.com>
Subject Re: Problems using AuthSSLProtocolSocketFactory to send ClientCertificate in HTTPS session handshake
Date Sun, 26 Sep 2004 05:37:58 GMT
Oleg,

The client certificate authentication is configured to be optional. The
clients can either authenticate via a user certificate or via a user name /
password. I am writing an automated interface that requires client
authentication.

The way that I determine that the client certificate wasn't sent, is by the
page returned in the HTTP response. If I request a particular page and get
the login page instead, I know the certificate was not sent. If I get the
requested page, I know the certificate was sent and accepted by the server.
I can validate this with IE by requesting a page without logging in. If I
have a valid client cert, I get the desired page. If not, I get the login
page. My Java program, however, always gives me the login page. I am
assuming that this is because the server is not requesting the client
certificate.

My belief at this point is that Oracle is only sending the client
certificate to browser (IE) based clients. That would explain the problem. I
have created an Oracle TAR, to see if this is an Oracle problem.

I want to make sure that no client certificate request was made. I didn't
see one looking at the log and I assume you didn't either. I expect to hear
from Oracle soon, I'll let you know what they have to say about this.

    Thanks,
    Dale

----- Original Message ----- 
From: "Oleg Kalnichevski" <olegk@apache.org>
To: "Commons HttpClient Project" <commons-httpclient-dev@jakarta.apache.org>
Sent: Saturday, September 25, 2004 2:19 PM
Subject: Re: Problems using AuthSSLProtocolSocketFactory to send
ClientCertificate in HTTPS session handshake


> Dale,
> Do you know if the client authentication has been configured as required
> or optional? Does the server reject the connection when attempt is made
> to authenticate with an invalid certificate? The fact that IE pops up
> the certificate dialog does not actually mean that the server
> validates the certificate or requests a client certificate at all. I
> tend to trust more the SSL log showing that the server did not request a
> client certificate.
>
> I retested the AuthSSLProtocolSocketFactory against Apache 2.0.51 with
> mod_ssl one more time and everything appeared to be OK.
>
> Oleg
>
>
>
> On Sat, 2004-09-25 at 22:26, Dale McIntosh wrote:
> > I have been trying for quite a while to get the AuthSSLProtocolSocketFactory
> > to send a client certificate and it doesn't seem to be working. I am
> > wondering if the server (Oracle single sign-on server) is requesting the
> > client cert. When the request is made from a browser, the browser does send
> > the client cert. I have attached my application, it is relatively simple,
> > and a debug log. The debug options I used were -
> > javax.net.debug="ssl,handshake,keymanager".
> >
> > I have looked at the debug log and I do not see a certificate request.
> > However, when IE is used, IE sends a client certificate.
> >
> > Any help would be appreciated.
> >
> >             Thanks,
> >             Dale McIntosh



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
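
Added example, not part of the original messages and not HttpClient code: besides reading the javax.net.debug output, a client can confirm in code whether the server sent a CertificateRequest, because JSSE consults the key manager for a client alias only after receiving one. The class name RequestLoggingKeyManager and the method wasClientCertRequested() are hypothetical; the sketch assumes you control the KeyManager array handed to SSLContext.init.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.X509KeyManager;

// Hypothetical diagnostic wrapper (illustration only): delegates to the real
// key manager and records whether JSSE ever asked it for a client alias.
public class RequestLoggingKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final AtomicBoolean requested = new AtomicBoolean(false);

    public RequestLoggingKeyManager(X509KeyManager delegate) {
        this.delegate = delegate;
    }

    // True once a handshake on this context has asked for a client certificate.
    public boolean wasClientCertRequested() {
        return requested.get();
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        // Reached only when the server's handshake included a CertificateRequest.
        requested.set(true);
        String alias = delegate.chooseClientAlias(keyTypes, issuers, socket);
        // issuers lists the CA names the server says it accepts (may be null or empty).
        System.err.println("CertificateRequest seen: keyTypes=" + Arrays.toString(keyTypes)
                + " acceptedIssuers=" + Arrays.toString(issuers)
                + " chosenAlias=" + alias);
        return alias; // null: no key in the store matched, so no certificate is sent
    }

    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }
}
```

Wrap each X509KeyManager returned by KeyManagerFactory.getKeyManagers() before passing the array to SSLContext.init. If wasClientCertRequested() is still false after the response arrives, the server never asked; if it is true but chosenAlias is null, the request was made and the keystore held no certificate matching the listed key types and issuers.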

