Now how can I decide which certificate in my keystore to pass to the server? Should I set a parameter that will decide this, or will the SSL process automatically try to figure out which certificate to use to authenticate the client? I am not even sure if a certificate will automatically be used from my keystore, in which case I would make sure that my keystore has only one certificate. Or would I have to load the serializable X509Certificate and send it across somehow? Any suggestions would be great!
I figured this out a while back, so I am posting so others know the solution. The JVM looks for some system properties and an SSL provider to communicate with HTTPS. You need to provide the following in the system properties
You then need to figure out what is happening behind the scenes when you open a URL connection to a https end point. If you are unable to communicate for some reason, the following stuff should be checked
1. Do you trust the server certificate?
2. Does the server trust your certificate (if you provide one to the server; it should be in the server's trust store)?
3. Is the JVM able to find your trust and keystores?
4. Is the operation timing out?
You can find the answers by turning JSSE debugging on. The following parameter will reveal all possible debugging options.
The program would quit with an output like the following
If you get errors like 'No SSL provider found' in spite of doing the stuff mentioned above, you should check the debug logs. For example, if the keystore is not found, the 'No SSL provider' error could be thrown.
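A preflight check for item 3 of the checklist above, as an added example that is not part of the original post: it reads the standard JSSE system properties (`javax.net.ssl.keyStore`, `javax.net.ssl.trustStore` and their `Password`/`Type` companions), loads each store, and lists which aliases hold a private key and could therefore be offered as a client certificate. The class name `JsseStoreCheck` and the file names in the usage comment are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Run with the same -D options as the real client, e.g. (constructed paths):
//   java -Djavax.net.ssl.keyStore=client.jks -Djavax.net.ssl.keyStorePassword=... \
//        -Djavax.net.ssl.trustStore=trust.jks JsseStoreCheck
public class JsseStoreCheck {

    // Load the store named by javax.net.ssl.<prefix>, or return null if it cannot be used.
    static KeyStore load(String prefix) throws Exception {
        String path = System.getProperty("javax.net.ssl." + prefix);
        if (path == null) {
            System.out.println(prefix + ": property not set");
            return null;
        }
        if (!Files.isReadable(Paths.get(path))) {
            System.out.println(prefix + ": cannot read " + path);
            return null;
        }
        String pass = System.getProperty("javax.net.ssl." + prefix + "Password");
        String type = System.getProperty("javax.net.ssl." + prefix + "Type", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            // Throws IOException when the password is wrong or the file is corrupt.
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        return ks;
    }

    // Print every alias, whether it carries a private key, and the certificate's subject and expiry.
    static void describe(String prefix, KeyStore ks) throws Exception {
        if (ks == null) return;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String kind = ks.isKeyEntry(alias) ? "key entry (client-auth candidate)" : "trusted certificate";
            String detail = (c instanceof X509Certificate)
                ? ((X509Certificate) c).getSubjectX500Principal() + ", expires " + ((X509Certificate) c).getNotAfter()
                : "no X.509 certificate";
            System.out.println(prefix + " [" + alias + "] " + kind + ": " + detail);
        }
    }

    public static void main(String[] args) throws Exception {
        describe("keyStore", load("keyStore"));
        describe("trustStore", load("trustStore"));
    }
}
```

If the keystore line reports more than one key entry, the store holds several candidate client certificates; if it reports none, the JVM has nothing to present when the server asks for one.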