
Can a client with a certificate issued by a CA communicate with a server that has a self-signed certificate?

We have a Java web application (client) that calls the web services of a site (server) that has a self-signed certificate. Our certificate is issued by a CA. When we execute the call, the log file shows:

    default task-24, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
    default task-24, WRITE: TLSv1.2 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 03 00 02 02 2E                               .......
    default task-24, called closeSocket()
    default task-24, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    default task-24, called close()

Our application server is Wildfly 10, and we use Spring WS to call the web service. In our keystore there is the self-signed certificate of the server site we call.

Before this error, we had our own self-signed client certificate calling the self-signed certificate server, and it worked properly!

Given that we now have a certificate issued by a CA, do we need to communicate the new certificate to the server in order to continue using their web services?

Thanks a lot

Given that we now have a certificate [for the client] issued by a CA, do we need to communicate the new certificate to the server in order to continue using their webservices?

Assuming that the server is relying on client certs, then yes you do.

When you set things up to start with, you would have done the following.

  1. Create a self-signed cert for the server.
  2. Create a self-signed cert for the client.
  3. Register the server with the client (typically) by adding the server's cert as a trusted cert in the client's keystore.
  4. Register the client with the server (typically) by adding the client's cert to the client's keystore.

This tells the client to trust that the server is who it claims to be, and tells the server to trust that the client is who it claims to be. In addition, it tells the server that the client is "on the list" of clients to accept requests from.

Now you have changed the client's cert to a cert issued by a proper CA. The server can check that this cert is valid, but that is not sufficient for the server to know that the client is "on the list". To establish the latter, either you need to register the new client cert with the server, or you need to tell the server to accept any client certs issued by the CA as "on the list". (You need to decide which is more appropriate for your use-case.)
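The following script is an added example, not code from the question or the answer. It builds a throwaway PKI with openssl (a private CA standing in for the commercial one, the server's self-signed cert, the old self-signed client cert and a new client cert issued by the CA; all names and file names are made up) and then reproduces both trust decisions in the thread as plain `openssl verify` calls: the client validating the server's self-signed certificate, which is the check that fails with "PKIX path building failed" when the server cert is missing from the client's trust store, and the server validating the new client certificate under the two policies the answer describes, registering that exact cert or trusting the issuing CA.

```shell
#!/bin/sh
# Added example: emulate the TLS trust decisions from the thread with openssl.
# Not the project's code; "Demo CA", "server", "client" and all paths are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
# Small, fast EC keys; the key type does not matter for the trust logic shown here.
KEYOPTS="-nodes -newkey ec -pkeyopt ec_paramgen_curve:prime256v1"

make_pki() {
  # Idempotent: skip generation when the demo material already exists.
  [ -f "$WORK/client-new.pem" ] && return 0
  # Private CA standing in for the commercial CA that issued the new client cert.
  openssl req -x509 -days 1 $KEYOPTS -subj "/CN=Demo CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # The server keeps its self-signed certificate (step 1 in the answer).
  openssl req -x509 -days 1 $KEYOPTS -subj "/CN=server" \
    -keyout "$WORK/server.key" -out "$WORK/server.pem" 2>/dev/null
  # The old self-signed client certificate that used to be registered on the server (step 2).
  openssl req -x509 -days 1 $KEYOPTS -subj "/CN=client" \
    -keyout "$WORK/client-old.key" -out "$WORK/client-old.pem" 2>/dev/null
  # The new client certificate: a CSR for the same subject, signed by the CA.
  openssl req -new $KEYOPTS -subj "/CN=client" \
    -keyout "$WORK/client-new.key" -out "$WORK/client-new.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/client-new.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/client-new.pem" 2>/dev/null
}

# outcome TRUST_FILE CERT -> prints "accepted" or "rejected".
# This is the trust-store check a TLS peer performs: does CERT chain to an
# anchor in TRUST_FILE? -partial_chain lets a non-root cert in the trust file
# act as an anchor, which is what "register this exact cert" means.
outcome() {
  if openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

demo() {
  make_pki
  echo "client trust store holds server.pem, server presents server.pem:   $(outcome "$WORK/server.pem" "$WORK/server.pem")"
  echo "client trust store lacks server.pem (the PKIX error in the question): $(outcome "$WORK/ca.pem" "$WORK/server.pem")"
  echo "server still pins client-old.pem, client presents the CA-issued cert: $(outcome "$WORK/client-old.pem" "$WORK/client-new.pem")"
  echo "server pins client-new.pem (register the new cert):                  $(outcome "$WORK/client-new.pem" "$WORK/client-new.pem")"
  echo "server trusts the CA (accept any client cert the CA issues):        $(outcome "$WORK/ca.pem" "$WORK/client-new.pem")"
}

demo
```

The two "rejected" lines are the two failure modes in the thread: a trust store that does not contain the self-signed peer certificate, and a server that still pins the old self-signed client cert after the client switched to a CA-issued one. On the Java side the equivalent registration step is importing the certificate (or the CA certificate) into the truststore the application uses, for example with `keytool -importcert`; the choice between pinning the exact client cert and trusting the CA is the policy decision the answer leaves to the reader, and trusting the CA admits every certificate that CA issues, not just this client.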
