I have a Jersey app which uses the Jersey client to send requests to a server. The server uses a client certificate and basic auth to communicate. I have set up the truststore and keystore properly with certificates in GlassFish.
Server certificate chain: Server cert -> CA Inter -> CA
Client certificate chain: client cert -> CA Inter -> CA
CA is self created/signed certificate and not from a vendor.
truststore:
1) CA
2) CA Inter
keystore:
1) client certificate with complete chain
Code: (stores are set in environment)
sSLContext = SslConfigurator.newInstance().securityProtocol("TLSv1.2").createSSLContext();
HttpAuthenticationFeature authFeature = HttpAuthenticationFeature.basic("user", "pass");
client = ClientBuilder.newBuilder().sslContext(sSLContext).build();
client.register(authFeature);
All certificates and chains are loaded properly.
However, when I make a request I get
Info: Warning: no suitable certificate found - continuing without client authentication
and then I get a handshake_failure error.
I get these other errors:
Info: http-listener-1(3), setSoTimeout(0) called
Info: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Info: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Info: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Info: Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info: Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info: Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Info: Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info: Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Info: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
I have installed the unlimited cipher extension and checked that it's working. Still getting these.
I have also checked the certificate in a browser, and I am able to connect to the server via the browser and fetch data using the same certificates.
How to get 2-way SSL to work?
Both client and server need the CA certificate in their respective truststores. I would say the server doesn't.
When the server requests the client certificate, it sends its list of trusted CAs, and if the client can't find a certificate signed by one of them it doesn't send one,
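Added example, not part of the original question or answer: a Java diagnostic that reproduces the selection step the answer describes, asking the JSSE key manager which keystore entry it would send for a given list of advertised CA names. It assumes the keystore is passed through the standard javax.net.ssl.keyStore system properties, that the key password equals the store password, and that server-cas.pem (a hypothetical file name) holds the CA certificates the server advertises.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Run: java -Djavax.net.ssl.keyStore=<file> -Djavax.net.ssl.keyStorePassword=<pw> ClientCertCheck server-cas.pem
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        char[] pass = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(System.getProperty("javax.net.ssl.keyStore"))) {
            ks.load(in, pass);
        }
        // Assumption: subjects of the certificates in args[0] are the CA names the server advertises.
        List<Principal> issuers = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                issuers.add(((X509Certificate) c).getSubjectX500Principal());
            }
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) { // trusted-cert entries can never be used for client auth
                System.out.println(alias + ": no private key, cannot be sent");
                continue;
            }
            for (Certificate c : ks.getCertificateChain(alias)) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + ": issuer=" + x.getIssuerX500Principal()
                        + " advertised=" + issuers.contains(x.getIssuerX500Principal()));
            }
        }
        // Same question the TLS stack asks the key manager during the handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String alias = ((X509KeyManager) km).chooseClientAlias(
                        new String[] {"RSA", "EC", "DSA"}, issuers.toArray(new Principal[0]), null);
                System.out.println(alias == null ? "no suitable certificate" : "would send: " + alias);
            }
        }
    }
}
```

If every chain line prints advertised=false, or the only entries lack a private key, the client has nothing that matches the server's list, which is the condition behind the "no suitable certificate found" message.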