
Java Jersey not sending ssl client certificate

I have a Jersey app which uses the Jersey client to request a server. The server uses a client certificate and basic auth to communicate. I have set up the truststore and keystore properly with certificates in GlassFish.

Server certificate chain: Server cert -> CA Inter -> CA

Client certificate chain: client cert -> CA Inter -> CA

The CA is a self-created/self-signed certificate, not one from a vendor.

truststore:

1) CA

2) CA Inter

keystore:

1) client certificate with complete chain

Code (the stores are set in the environment):

import javax.net.ssl.SSLContext;
import javax.ws.rs.client.*;
import org.glassfish.jersey.SslConfigurator;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
SSLContext sSLContext = SslConfigurator.newInstance().securityProtocol("TLSv1.2").createSSLContext(); // newInstance() picks up the javax.net.ssl.* store properties from the environment
HttpAuthenticationFeature authFeature = HttpAuthenticationFeature.basic("user", "pass"); // basic auth for the server
Client client = ClientBuilder.newBuilder().sslContext(sSLContext).build();
client.register(authFeature);

All certificates and chains are loaded properly.

However, when I make a request I get

Info:   Warning: no suitable certificate found - continuing without client authentication

and then I get a handshake_failure error.

I also get these other errors:

Info:   http-listener-1(3), setSoTimeout(0) called
Info:   Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info:   Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info:   Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Info:   Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info:   Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Info:   Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Info:   Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Info:   Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info:   Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info:   Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Info:   Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info:   Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Info:   Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Info:   Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1

I have installed the unlimited cipher extension and checked that it's working. I am still getting these.

I have also checked the certificate in a browser, and I am able to connect to the server via the browser and fetch data using the same certificates.

How do I get 2-way SSL to work?

Both client and server need the CA certificate in their respective truststores. I would say the server doesn't.

When the server requests the client certificate, it sends its list of trusted CAs, and if the client can't find a certificate signed by one of them it doesn't send one.
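An added diagnostic (not from the question or the answer) that reproduces the selection step described above offline: it loads the client keystore and asks the JSSE key manager to choose a client alias against a list of issuer DNs that stand in for the CA names the server sends in its CertificateRequest. The keystore path, password and DNs are command-line arguments you supply, and the key types "RSA"/"EC" are an assumption; a null result is the same condition that produces "no suitable certificate found".

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
/**
 * Offline check of JSSE client-certificate selection (added example, not the asker's code).
 * Usage: java ClientCertSelectionCheck <keystore> <password> "<issuer DN>" ["<issuer DN>" ...]
 * The issuer DNs stand in for the CA list the server sends in its CertificateRequest.
 */
public class ClientCertSelectionCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: <keystore> <password> <issuerDN>...");
            System.exit(2);
        }
        char[] pass = args[1].toCharArray();           // assumes key password == store password
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // JKS; JDK 9+ also reads PKCS12 here
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        // Show what the keystore holds: the chain behind each private-key entry, link by link.
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias) || ks.getCertificateChain(alias) == null) continue;
            System.out.println("alias " + alias + ":");
            for (Certificate c : ks.getCertificateChain(alias)) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + "  issuer=" + x.getIssuerX500Principal());
            }
        }
        // The CA names the server advertises; a chain is offered only if one of its links was issued by one of them.
        Principal[] issuers = new Principal[args.length - 2];
        for (int i = 2; i < args.length; i++) issuers[i - 2] = new X500Principal(args[i]);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        String chosen = km.chooseClientAlias(new String[] {"RSA", "EC"}, issuers, null);
        System.out.println(chosen == null
                ? "no alias matches the advertised CAs -> client sends no certificate"
                : "key manager would present alias: " + chosen);
    }
}
```

Run it once with the DNs of your own CA and CA Inter to confirm the keystore chain is selectable at all, then with whatever the server actually advertises (visible with -Djavax.net.debug=ssl:handshake); if the second run returns no alias, the fix belongs in the server's truststore, as the answer says.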
