Client certificate authentication
Deepak Bala
Bartender
Joined: Feb 24, 2006
Posts: 6588
|
|
How do I go about sending a client certificate from a Java program to a server? I know that I would have to set the following parameters in system properties:
1. Keystore
2. Keystore pass
3. Truststore
4. Truststore pass
Now how can I decide which certificate in my keystore to pass to the server? Should I set a parameter that will decide this, or will the SSL process automatically try to figure out which certificate to use to authenticate the client? I am not even sure if a certificate will automatically be used from my keystore, in which case I would make sure that my keystore has only one certificate. Or would I have to load the serializable X509Certificate and send it across somehow? Any suggestions would be great!
|
|
 |
Deepak Bala
Bartender
Joined: Feb 24, 2006
Posts: 6588
|
|
I figured this out a while back, so I am posting so others know the solution. The JVM looks for some system properties and an SSL provider to communicate with HTTPS. You need to provide the following in the system properties:
1. Keystore
2. Keystore pass
3. Truststore
4. Truststore pass
You can google and find out the keys for the properties. Then you set the SSL provider:

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

You then need to figure out what is happening behind the scenes when you open a URL connection to an HTTPS endpoint. If you are unable to communicate for some reason, the following should be checked:
1. Do you trust the server certificate?
2. Does the server trust your certificate (if you provide one to the server)? It should be in the server's trust store.
3. Is the JVM able to find your trust and keystores?
4. Is the operation timing out?
You can find the answers by turning JSSE debugging on. The following parameter will reveal all possible debugging options.

-Djava.security.debug=help

The program would quit with an output like the following

Choose the debugging options you require like so:

java -Djavax.net.debug=SSL,handshake,data,trustmanager MyApp

More information here: http://java.sun.com/products/jsse/doc/guide/API_users_guide.html

If you get errors like 'No SSL provider found' in spite of doing the stuff mentioned above, you should check the debug logs. For example, if the keystore is not found, the 'No SSL provider' error could be thrown.
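On the question of which keystore entry is sent: the default JSSE key manager picks an entry itself from the key types and issuers the server requests, so the choice is implicit when the keystore holds several. The following is an added example, not part of the original posts, that pins the client identity to one alias through a custom key manager on a per-connection SSLContext. The class name, the KS_PASS and TS_PASS environment variables, and the argument order are assumptions made for illustration, and the key password is assumed to equal the keystore password.

```java
import java.io.InputStream;
import java.net.Socket;
import java.net.URI;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class PinnedClientCert {
    // Offers exactly one keystore alias as the client identity, for SSLSocket and SSLEngine alike.
    static final class FixedAlias extends X509ExtendedKeyManager {
        private final X509KeyManager km; private final String alias;
        FixedAlias(X509KeyManager km, String alias) { this.km = km; this.alias = alias; }
        // The server's acceptable-issuer list is ignored on purpose: if the pinned certificate
        // is not acceptable, the handshake fails instead of falling back to another entry.
        @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return alias; }
        @Override public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return alias; }
        @Override public String[] getClientAliases(String t, Principal[] i) { return new String[] { alias }; }
        @Override public X509Certificate[] getCertificateChain(String a) { return km.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return km.getPrivateKey(a); }
        @Override public String[] getServerAliases(String t, Principal[] i) { return null; } // client only
        @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return null; }
    }

    static KeyStore load(Path p, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(p)) { ks.load(in, pass); }
        return ks;
    }

    static SSLContext build(Path ksPath, char[] ksPass, Path tsPath, char[] tsPass, String alias) throws Exception {
        KeyStore ks = load(ksPath, ksPass);
        if (!ks.isKeyEntry(alias)) throw new KeyStoreException("no private key under alias " + alias);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, ksPass); // assumption: key password equals keystore password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, tsPass)); // only CAs in this truststore can vouch for the server
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new FixedAlias((X509KeyManager) kmf.getKeyManagers()[0], alias) },
                 tmf.getTrustManagers(), null);
        return ctx;
    }

    // Arguments: keystore truststore alias url; passwords come from KS_PASS and TS_PASS (assumed names).
    public static void main(String[] a) throws Exception {
        SSLContext ctx = build(Paths.get(a[0]), System.getenv("KS_PASS").toCharArray(),
                               Paths.get(a[1]), System.getenv("TS_PASS").toCharArray(), a[2]);
        HttpsURLConnection c = (HttpsURLConnection) URI.create(a[3]).toURL().openConnection();
        c.setSSLSocketFactory(ctx.getSocketFactory()); // per connection, no JVM-wide properties
        System.out.println("HTTP " + c.getResponseCode());
    }
}
```

Running it with -Djavax.net.debug=ssl,handshake shows which certificate chain is actually presented to the server.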