Hello Christine,

I wonder if all the intermediate certificates have been registered in the
keystore with the same alias entry.
Could you have a look at this post?
http://stackoverflow.com/questions/9299133/why-doesnt-java-send-the-client-certificate-during-ssl-handshake/9300727#9300727

Best regards,
Thierry Boileau

On Wed, 2 Mar 2016 at 22:45, Christine Karman <christ...@christine.nl>
wrote:

> I want to switch from using a self-signed certificate in Restlet, which
> worked well, to a StartCom certificate. The reason I want to change it
> is that I want to give third parties access to the server without having
> to give them my self-signed cert.
>
> Now I see an issue with Restlet apparently not sending the certificate
> chain, which my android app doesn't like. When I type
>
> openssl s_client -showcerts -connect pengo.christine.nl:9005
>
> in a shell, I get this error:
>
> CONNECTED(00000003)
> depth=0 CN = pengo.christine.nl
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 CN = pengo.christine.nl
> verify error:num=21:unable to verify the first certificate
> verify return:1
>
> When I type
> openssl s_client -showcerts -connect pengo.christine.nl:9005 -CAfile ./chain.crt
>
> with chain.crt containing the root cert and intermediate cert, I get
>
> CONNECTED(00000003)
> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
> verify return:1
> depth=1 C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA
> verify return:1
> depth=0 CN = pengo.christine.nl
> verify return:1
>
> My Restlet configuration contains
>
>          params.add("sslContextFactory", "org.restlet.engine.ssl.DefaultSslContextFactory");
>          params.add("keystorePath", "/home/christine/motogymkhana/pengo_ssl.jks");
>          params.add("keystorePassword", ServerConstants.keyStorePw);
>          params.add("keystoreType", "JKS");
>          params.add("keyAlias", ServerConstants.keyAlias);
>          params.add("keyPassword", ServerConstants.keyPw);
>
> The keystore does contain the same certificates as the chain.crt file.
>
> How do I make Restlet send the chain with the certificate?
>
> dagdag
> Christine
>
>
> --
> dagdag is just a two character rotation of byebye
>
> ------------------------------------------------------
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3164075
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3164355
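
Added example, not part of the thread and not Restlet code: a small Java check for the condition raised in the reply, namely whether the intermediate certificates are stored in the chain of the private-key alias or only as separate entries. A JSSE server presents the chain attached to the key entry, so a leaf-only chain there produces the `verify error:num=20` seen above. The class name and the `KEYSTORE_PASS` variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not Restlet code. Usage (names are assumptions):
//   KEYSTORE_PASS=... java KeystoreChainCheck <keystore.jks> <keyAlias>
public class KeystoreChainCheck {
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // hypothetical variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... KeystoreChainCheck <jks> <alias>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        // Certificates stored under their own aliases are trust entries only;
        // they are not part of the chain presented for the key alias.
        for (String a : Collections.list(ks.aliases())) {
            System.out.println((ks.isKeyEntry(a) ? "key entry:   " : "trust entry: ") + a);
        }
        Certificate[] chain = ks.getCertificateChain(args[1]);
        if (chain == null || !ks.isKeyEntry(args[1])) {
            System.out.println("FAIL: " + args[1] + " is not a private-key entry with a chain");
            System.exit(1);
        }
        boolean ok = true;
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            System.out.println("chain[" + i + "] subject=" + c.getSubjectX500Principal()
                    + " issuer=" + c.getIssuerX500Principal());
            // Every certificate must be issued by the next one in the array.
            if (i + 1 < chain.length && !c.getIssuerX500Principal().equals(
                    ((X509Certificate) chain[i + 1]).getSubjectX500Principal())) {
                ok = false;
            }
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // A single CA-issued certificate means no intermediate is attached to the key.
        if (chain.length == 1
                && !leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) {
            ok = false;
        }
        System.out.println(ok ? "OK: chain is attached to the key alias and links up"
                : "FAIL: chain for the key alias is incomplete or out of order");
        System.exit(ok ? 0 : 1);
    }
}
```

A FAIL together with the CA certificates listed as trust entries matches the situation in the linked Stack Overflow answer: the chain has to be imported into the key entry itself.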
