2ways ssl not working: bad certificate

254 Contributor
I created one simple test Java application to connect to a web service over HTTP/SSL.

The web service provider has given us 3 certificates for testing purposes:
1. Client Test Certificate with private key: abctest.p12
2. Client Test Certificate with public key: abctest.cer
3. Provider Test Certificate with public key: abc.cer

I've added these 3 certificates into the "cacerts" truststore using the Java 'keytool'.
For the 3 certificates, I created 3 different alias names: abcp12, abctest & abc in the "cacerts" truststore.

And then I tested the program. For a 1-way SSL connection, my program works fine (request to them, they return a response).

But when I try to use a 2-way SSL connection, my program does not work. It gives me this error: "received fatal error: bad_certificate"

I've googled but it doesn't help me at all.
I've added 3 certificates into my truststore.
I checked the list with the command "keytool -list -v" and all the certs are there.
1-way SSL is working but 2-way SSL is NOT working, and I receive the bad certificate error.

Can anyone please help me? Why bad certificate? Is something wrong with the way I add the certs into the truststore file?
May 21 '10 #1
George Denholm
1 New Member
Too late for Nick I guess, but I have been experiencing the same problem, and in my case it was fixed by adding the following lines before I set up the connection:

System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStore", "/usr/java/jre1.6.0_21/lib/security/cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "/usr/java/jre1.6.0_21/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

I suspect the first 3 lines made the difference - by default the JVM knows the trust store config, and can do 1-way, but is not aware of a certificate key store and so does not supply a valid certificate to the server, and the 2-way handshake fails.
Mar 24 '11 #2
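
Added example, not code from either poster: a per-connection alternative to the JVM-wide properties above. It loads the client identity from the PKCS#12 file, refuses to continue if that file holds no private key entry (in which case the client has no certificate to present), and trusts only the provider certificate instead of editing cacerts. The class name, the P12_PASSWORD environment variable and the relative paths are assumptions; the file names follow the question, and a current JDK is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsContext {
    // Client identity: must contain a private key entry, not only a certificate.
    static KeyStore loadIdentity(String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) { ks.load(in, password); }
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) hasKey |= ks.isKeyEntry(alias);
        if (!hasKey) throw new IllegalStateException(p12Path + ": no private key entry, nothing to present");
        return ks;
    }

    // Trust anchors: an in-memory store holding only the provider's certificate.
    static KeyStore loadTrust(String cerPath) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start from an empty store
        try (InputStream in = new FileInputStream(cerPath)) {
            ts.setCertificateEntry("provider",
                CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        return ts;
    }

    static SSLContext build(String p12Path, char[] password, String cerPath) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadIdentity(p12Path, password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadTrust(cerPath));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: files in the working directory, password taken from the environment.
        String pw = System.getenv("P12_PASSWORD");
        if (pw == null) { System.err.println("set P12_PASSWORD"); return; }
        SSLContext ctx = build("abctest.p12", pw.toCharArray(), "abc.cer");
        System.out.println("Context ready: " + ctx.getProtocol());
    }
}
```

The resulting context is applied to one connection with `HttpsURLConnection.setSSLSocketFactory(ctx.getSocketFactory())`, so the private key never has to be placed in the shared cacerts file.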
