Hi All,

I have a problem with client authentication. I have set up my CA using openssl
and created a server certificate and a client certificate, both signed by the CA. I
have converted the client certificate to P12 format and imported it into IE6,
and SSL communication was successful from the Internet Explorer browser. I could
pass this SSL information to Tomcat using mod_jk environment variables such
as SSL_CIPHER, SSL_CLIENT_CERT, etc.

The problem is when I write a java client like:


    // Register the JSSE provider and the HTTPS protocol handler
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

    // Key store (client identity) and trust store (trusted server certificates)
    System.setProperty("javax.net.ssl.keyStore", "c:/keystore1/java-client.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword", "java-client");
    System.setProperty("javax.net.ssl.trustStore", "c:/keystore1/trust-store.keystore");
    System.setProperty("javax.net.ssl.trustStorePassword", "trust-store");

    URL u = new URL("https://esb-reddy:443/simpleservlet");
    URLConnection uc = u.openConnection();
    HttpsURLConnection huc = (HttpsURLConnection) uc;
    huc.setRequestMethod("GET");
    huc.setDoOutput(true);

    huc.connect();

I have imported the client certificate into java-client.keystore, which I
have created above using openssl and signed by the CA.
I have also imported the server certificate into trust-store.keystore.


I got a handshake failure exception:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

My error log for mod_ssl shows: 

[Tue Sep 24 12:02:17 2002] [error] SSL handshake failed (server esb-reddy:443, client 10.70.52.170)
[Tue Sep 24 12:02:17 2002] [error] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?

Can anyone please help?

Thanks in advance,

Thirumal.
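
The mod_ssl log in the message above says the client returned no certificate. JSSE only presents a client certificate from a key-store entry that holds a private key together with its certificate chain, so this added example (not part of the original post) checks the key store named in the post for such an entry. The class and method names are illustrative, and choosing the key-store type from the file extension is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not from the original post: reports whether a key store
// holds an entry that can be presented as a TLS client certificate.
public class ClientKeystoreCheck {

    // Counts entries that hold a private key together with a certificate chain.
    static int countUsableEntries(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                // A certificate stored without its private key is fine for a
                // trust store but is never offered as a client certificate.
                System.out.println(alias + ": no private key with chain, not usable");
                continue;
            }
            usable++;
            // The issuer matters: the server lists the CAs it accepts.
            String issuer = chain[0] instanceof X509Certificate
                    ? ((X509Certificate) chain[0]).getIssuerX500Principal().getName()
                    : chain[0].getType();
            System.out.println(alias + ": private key, chain length "
                    + chain.length + ", issuer=" + issuer);
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the path and password quoted in the post.
        String path = args.length > 0 ? args[0] : "c:/keystore1/java-client.keystore";
        char[] pass = (args.length > 1 ? args[1] : "java-client").toCharArray();
        // Assumption: .p12/.pfx files are PKCS12, anything else is JKS.
        String lower = path.toLowerCase();
        String type = lower.endsWith(".p12") || lower.endsWith(".pfx") ? "PKCS12" : "JKS";
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        int usable = countUsableEntries(ks);
        System.out.println(usable == 0
                ? "No key entry: nothing to present when the server requests a certificate"
                : usable + " key entry(ies) found; the issuer must be a CA the server accepts");
    }
}
```

An entry reported as not usable is what importing a bare certificate under a new alias with `keytool -import` produces, since that stores the certificate without any private key.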



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
