Hi All, I have problem with client authentication. I have setup my CA using openssl , created server certificate and client certificate both signed by the CA. I have converted the client certificate to P12 format, imported this into IE6 and ssl communication was successful from Internet explorer browser. I could pass this SSL information to Tomcat using mod_jk environment variables such as SSL_CIPHER, SSL_CLIENT_CERT etc...
The problem is when I write a java client like: Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); System.setProperty("javax.net.ssl.keyStore", "c:/keystore1/java-client.keystore"); System.setProperty("javax.net.ssl.keyStorePassword", "java-client"); System.setProperty("javax.net.ssl.trustStore", "c:/keystore1/trust-store.keystore"); System.setProperty("javax.net.ssl.trustStorePassword", "trust-store"); URL u = new URL("https://esb-reddy:443/simpleservlet"); URLConnection uc = u.openConnection(); HttpsURLConnection huc = (HttpsURLConnection) uc; huc.setRequestMethod("GET"); huc.setDoOutput(true); huc.connect(); I have imported the client certificate into java-client.keystore , which I have created above using openssl and signed by the CA. I have also imported the server certificate in to trust-store.keystore. I got Hand shake failure exception. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure My error log for mod_ssl shows: [Tue Sep 24 12:02:17 2002] [error] SSL handshake failed (server esb-reddy:443, client 10.70.52.170) [Tue Sep 24 12:02:17 2002] [error] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification? Any one can please help? Thanks in advance, Thirumal. * ** *** ** * ** *** ** * ** *** ** * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any views or opinions presented are solely those of the author, and do not necessarily represent those of ESB. If you have received this email in error please notify the sender. Although ESB scans e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses. * ** *** ** * ** *** ** * ** *** ** * ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]