Why is my RMI/SSL client authentication not working?
Question
I did the following things:
+ generate keystore.jks with keytool
+ exported keystore.cer file with keytool
+ imported keystore.cer file into truststore.jks
+ copied keystore.jks and keystore.cer to the client
Then I call my server with
-Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStorePassword=*
and my client with
-Djavax.net.ssl.keyStore=forclient.jks -Djavax.net.ssl.keyStorePassword=*
The server exposes its interface with the super() call of UnicastRemoteObject
super(PORT,
new SslRMIClientSocketFactory(),
new SslRMIServerSocketFactory(null, null, true));
The Registry stuff does not use any SSL. Why is that not working out? It DOES work out if I add the keystore VM arguments in the server run config and the trustore VM arguments in the clien. But I really want to know why?
1 answers
solution1
5 ACCPTED 2011-07-15 14:08:58
Please understand the aim of keystore and truststore first. Look at the POST . It says
A keystore contains private keys, and the certificates with their corresponding public keys.
A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.
So the client SHOULD have truststore so that it trusts the server its interacting with uses server's public key to encrypt the data. Server SHOULD have keystore which stores the private keys which is used to decrypt the data encrypted by corresponding private key by client.
I hope now you got why your application works when you switch keystore and trustore in client-server.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.