
SSL Client certificate

Mike Baroukh

Sep 21, 2006, 1:38:17 PM

Hi.

I must connect to an SSL server using a client certificate.
Of course, if I ask you for help, it's because it didn't work.
So, here is what I did. Could somebody point out the wrong step?
Thanks in advance ...

1/ First, I created a key :

keytool -genkey -keyalg rsa -keystore storefile -storepass storepass -alias mykey

2/ I created a certificate request

keytool -certreq -keystore storefile -storepass storepass -alias mykey -file mykey.csr

3/ I sent the generated file, which contains

-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

to the webmaster of the site I have to connect to.

4/ He sent me back a crt, which I imported

keytool -import -keystore storefile -storepass storepass -alias mykey-crt -file mykey.crt

5/ I try to connect :

System.setProperty("javax.net.ssl.trustStore","~/storefile");
System.setProperty("javax.net.ssl.keyStore","~/storefile");
System.setProperty("javax.net.ssl.keyStorePassword","mykey6");
System.setProperty("javax.net.debug", "ssl,keymanager");

URL u = new URL("https://<url>");
URLConnection c = u.openConnection();
InputStream i = c.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(i));
String ligne;
while ((ligne = reader.readLine()) != null) {
    System.out.println(ligne.trim());
}
i.close();

result :
java.io.IOException: Server returned HTTP response code: 403 for URL: https://<url>
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1149)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at x509.Elvia.main(Elvia.java:23)

I tried to separate truststore and keystore, having only the crt in
keystore but nothing works.

Do I use the right method?
I don't understand why I don't just send a public key to the
webmaster ...

Mike

EJP

Sep 22, 2006, 4:18:42 AM
Mike Baroukh wrote:
>
> 5/ I try to connect :
>
> System.setProperty("javax.net.ssl.trustStore","~/storefile");
> System.setProperty("javax.net.ssl.keyStore","~/storefile");

Java doesn't understand "~".

The keypair and the signed certificate must be in the keystore. That's a
*source* of authentication certificates. The truststore is where you
check *incoming* certificates. Very different functions.

Apart from the above your process was OK.
