SSLContext 未使用来自 JVM TrustStore 的证书

Question

I need to send a request to a server that uses TLS Client Authentication. For that, I created a PKCS12 file with my certificate and private key and set it in the SSLContext as a KeyManager.

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystoreInputStream = new FileInputStream("C:/Users/PC/Desktop/certprivate.p12");
keystore.load(keystoreInputStream, "password".toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, "password".toCharArray());

SSLContext sc = SSLContext.getInstance("TLSv1.3");
sc.init(kmf.getKeyManagers(), null, null);

I also used keytool to add the certificate from the server in the cacerts store and while that didn't work, I used InstallCerts to download I guess all of the intermediary certificates and installed thoses in cacerts. The problem I'm getting now is 400 No required SSL certificate was sent .

I'm not sure why this shows up, when from my understanding, if the TrustManager is set to null, it will use the default TrustManager which in this case is:

String certificatesTrustStorePath = "C:/Program Files/Java/jdk-15.0.2/lib/security/cacerts";
System.setProperty("javax.net.ssl.trustStore", certificatesTrustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

EDIT: I don't get why the request is failing as the TLS handshake has been completed. Otherwise I would have gotten some other error/exception.

Answer 1

Add -Djavax.net.debug=all in your java startup command line, you will have more informations. After you could diagnose your issue. JC