
How to verify the correctness of configuring mutual authentication (client certificate, server certificate) in Java EE?

I am trying to write a simple application to understand the basics of configuring authentication based on client and server certificates.

I have done everything as it is explained in the Java EE 5 and Java EE 6 tutorials http://docs.oracle.com/javaee/6/tutorial/doc/glien.html

  1. Opened the example from the Java EE tutorials, hello basicauthorization (just a simple servlet which can be accessed only after authentication), and then reconfigured it for client certificates instead of basic authorization
  2. Configured web.xml
  3. Configured glassfish-web.xml
  4. Generated client certificate
  5. Imported client certificate so that the server would trust it.

The problem:

When I deploy my application and follow the link corresponding to the application, I get a message from the GlassFish server: "HTTP Status 400 - No client certificate chain in this request".

So it seems that the client (browser) doesn't send the certificate with the request.

I tried adding the .cer certificate to Chrome, Firefox and Internet Explorer, and it is added (no error is displayed), but as you see that doesn't help.

So, the question is:

How can I get access to my application through the web browser with a client .cer certificate?

You can debug SSL on the server side by adding (somewhere in GlassFish) the system property:

-Djavax.net.debug=all

See this page for details.

You can also debug from the client perspective using the openssl tool:

openssl s_client -connect host:port -debug -msg

You should see something like this:

...
Acceptable client certificate CA names
/C=PL/O=company/OU=xx/CN=host/emailAddress=email@example.com
/C=PL/O=company/OU=xx/CN=ca/emailAddress=email@example.com
---
SSL handshake has read 2536 bytes and written 116 bytes
...

Your problem is probably related to a bad truststore configuration on the server side: the server sends some Acceptable client certificate CA names (or none at all), but the browser doesn't have anything to offer, since it doesn't have any private key + certificate issued by an acceptable CA.
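As an added example (not part of the original question or answer), the POSIX shell script below builds a throwaway PKI that mirrors the scenario above and checks, offline with openssl, the two conditions the answer points at: the server's truststore must contain the CA that issued the client certificate, and the browser must hold the private key, not only the public .cer. The subject names, file names, the GlassFish domain path and the password "changeit" are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Builds a throwaway PKI and checks, offline:
#   1. the server truststore must contain the CA that issued the client cert;
#   2. the browser needs the private key, not just the public .cer file.
# Subject names, file names and the password "changeit" are assumptions.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Generate: the CA that signs the client cert, an unrelated CA (stands in for a
# server truststore that lacks the right issuer), a client key + cert signed by
# the first CA, and the PKCS#12 bundle a browser actually imports.
setup_pki() {
    dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" \
        -subj "/C=PL/O=company/OU=xx/CN=ca" >/dev/null 2>&1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
        -keyout "$dir/other-ca.key" -out "$dir/other-ca.pem" \
        -subj "/CN=unrelated-ca" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/client.key" -out "$dir/client.csr" \
        -subj "/C=PL/O=company/OU=xx/CN=alice" >/dev/null 2>&1
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -out "$dir/client.cer" >/dev/null 2>&1
    # Key + cert + issuing chain in one file: this is what the browser needs.
    openssl pkcs12 -export -inkey "$dir/client.key" -in "$dir/client.cer" \
        -certfile "$dir/ca.pem" -out "$dir/client.p12" -passout pass:changeit
}

# Exit 0 if the CA bundle in $1 contains the issuer of the certificate in $2.
# Offline equivalent of checking that the server's "Acceptable client
# certificate CA names" includes the CA that signed the browser's certificate.
client_cert_trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Exit 0 if the PEM file in $1 carries a private key. A bare .cer never does.
has_private_key() {
    grep -q "PRIVATE KEY" "$1"
}

# Exit 0 if the PKCS#12 bundle in $1 holds a private key (password assumed).
p12_has_private_key() {
    openssl pkcs12 -in "$1" -passin pass:changeit -nocerts -nodes 2>/dev/null \
        | grep -q "PRIVATE KEY"
}

# Print the CA names a live server advertises in its CertificateRequest
# (same openssl s_client call as in the answer). $1 is host:port. Not run here.
acceptable_client_cas() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null \
        | sed -n '/Acceptable client certificate CA names/,/^---/p'
}

# Put the issuing CA ($1) into GlassFish's default truststore for domain dir $2
# (cacerts.jks, default password "changeit"); only runs where keytool exists.
import_ca_into_glassfish() {
    command -v keytool >/dev/null || { echo "keytool not found; skipping" >&2; return 0; }
    keytool -importcert -noprompt -trustcacerts -alias democa -file "$1" \
        -keystore "$2/config/cacerts.jks" -storepass changeit
}

setup_pki "$WORKDIR"
if client_cert_trusted_by "$WORKDIR/ca.pem" "$WORKDIR/client.cer"; then
    echo "client.cer chains to ca.pem: accepted once ca.pem is in the server truststore"
fi
if ! client_cert_trusted_by "$WORKDIR/other-ca.pem" "$WORKDIR/client.cer"; then
    echo "client.cer does NOT chain to other-ca.pem: what a wrong truststore looks like"
fi
if ! has_private_key "$WORKDIR/client.cer"; then
    echo "client.cer has no private key: importing it alone gives the browser nothing to present"
fi
if p12_has_private_key "$WORKDIR/client.p12"; then
    echo "client.p12 bundles key + cert: import this one into the browser"
fi
```

After importing ca.pem into the server truststore and client.p12 into the browser, `acceptable_client_cas host:port` should list the CA's subject, and the browser will have a matching key + certificate to send in response; both halves are needed, which is why adding only the .cer to the browser changes nothing.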
