堆栈内存溢出
  简体   繁体   English

如何验证配置相互认证(客户端证书,服务器证书)Java EE的正确性?

[英]How to verify the correctness of configuring mutual authentication (client certificate, server certificate) Java EE?

 原文  2012-04-12 08:27:04       java/ security/ authentication

问题描述

I am trying to write a simple application to understand the basics of configuring authentication based on client and server certificates. 我试图编写一个简单的应用程序,以了解基于客户端和服务器证书配置身份验证的基础。

I have done everything as it is explained in jave ee 5, java ee 6 tutorials http://docs.oracle.com/javaee/6/tutorial/doc/glien.html 我已经按照jave ee 5,java ee 6教程http://docs.oracle.com/javaee/6/tutorial/doc/glien.html中的说明进行了所有操作

  1. Opened example from javaee tutorials hello basicauthorization (just simple servlet which can be accessed only after authentication) and then reconfigured it for client certificates instead of basic authorizations 从Javaee教程中打开的示例hello basicauthorization(只是简单的servlet,仅在身份验证后才能访问),然后将其重新配置为客户端证书而不是基本授权
  2. Configured web.xml 配置的web.xml
  3. Configured glassfish-web.xml 配置的glassfish-web.xml
  4. Generated client certificate 生成的客户证书
  5. Imported client certificate so that the server would trust it. 导入了客户端证书,以便服务器信任它。

The problem: 问题:

When I deploy my application, and follow the link, corresponding to the application, I get a message from glassfish server HTTP Status 400 - No client certificate chain in this request". 当我部署应用程序并遵循与该应用程序对应的链接时,我从glassfish服务器的HTTP状态400中收到一条消息-该请求中没有客户端证书链”。

So, it seems, that the client (browser) doesn't send the certificate with the request 因此,客户端(浏览器)似乎没有随请求发送证书

I tried adding the .cer certificate to Chrome, firefox, internet explorer and they are added (no error is displayed), but as you see that doesn't help. 我尝试将.cer证书添加到Chrome,firefox,Internet Explorer,并且已将它们添加(未显示错误),但是如您所见,这无济于事。

So, the question is: 因此,问题是:

How to get the access to my application through the web browser having client .cer certificate? 如何通过具有客户端.cer证书的Web浏览器访问我的应用程序?

1 个解决方案

解决方案1
 1 已采纳  2012-04-12 08:39:42

You can debug ssl on the server-side by adding (somewhere in Glassfish) system properties: 您可以通过添加(在Glassfish中的某个地方)系统属性在服务器端调试ssl: 

-Djavax.net.debug=all

see this page for details. 有关详情,请参见此页面

You can also debug from the client perspective using openssl tool: 您还可以使用openssl工具从客户端角度进行调试: 

openssl s_client -connect host:port -debug -msg

you should see something like this: 您应该会看到以下内容: 

...
Acceptable client certificate CA names
/C=PL/O=company/OU=xx/CN=host/emailAddress=email@example.com
/C=PL/O=company/OU=xx/CN=ca/emailAddress=email@example.com
---
SSL handshake has read 2536 bytes and written 116 bytes
...

your problem is probably related to bad truststore configuration on the server-side - server sends some Acceptable client certificate CA names (or no at all), but browser doesn't have anything to offer - it doesn't have any private key+certificate issued by acceptable ca . 您的问题可能与服务器端的信任库配置错误有关-服务器发送了一些可接受的客户端证书CA名称 (或根本没有),但浏览器没有提供任何功能-它没有任何私钥+证书由可接受的ca发行

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 相互客户端身份验证在Servlet中获取证书 - Mutual Client Authentication Get Certificate in Servlet 使用证书的相互认证 - mutual authentication using certificate Android客户端上的SSL相互身份验证FAIL接受服务器证书,但服务器未获得客户端证书 - SSL mutual authentication FAIL on Android Client accepts servers certificate but server does not get the client cert Java 6 HTTPS客户端证书认证 - Java 6 HTTPS client certificate authentication Java手动客户端证书认证 - Java Manual Client Certificate Authentication GAE java中的证书客户端认证 - Client Authentication by Certificate in GAE java Java HTTPS 客户端证书认证 - Java HTTPS client certificate authentication 相互SSL-使用Java作为客户端时的客户端证书链为空 - Mutual SSL - client certificate chain emtpy when using java as a client 如何验证SSL Java证书 - How to verify a SSL java certificate Java-WebSocket - 从服务器获取客户端证书以进行身份验证 - Java-WebSocket - Get Client certificate from Server for authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM