Hello Christine, nice to hear such good news :)
Best regards,
Thierry Boileau

On Tue, 15 Mar 2016 at 21:24, Christine Karman <christ...@christine.nl> wrote:

> On 04-03-16 15:29, Thierry Boileau wrote:
>
> Hello Christine,
>
> I wonder if all the intermediate certificates have been registered in the
> keystore with the same alias entry.
> Could you have a look at this post?
>
> http://stackoverflow.com/questions/9299133/why-doesnt-java-send-the-client-certificate-during-ssl-handshake/9300727#9300727
>
>
> Thierry,
> I made a mistake in building the keystore, sorry for the fuss. It works
> now.
>
> I'm very happy with Restlet :-)
>
>
> dagdag
>
> Christine
>
>
>
> Best regards,
> Thierry Boileau
>
> On Wed, 2 Mar 2016 at 22:45, Christine Karman <christ...@christine.nl> wrote:
>
>> I want to switch from using a self-signed certificate in Restlet, which
>> worked well, to a StartCom certificate. The reason I want to change it
>> is that I want to give third parties access to the server without having
>> to give them my self-signed cert.
>>
>> Now I see an issue with Restlet apparently not sending the certificate
>> chain, which my Android app doesn't like.
>> When I type
>>
>> openssl s_client -showcerts -connect pengo.christine.nl:9005
>>
>> in a shell, I get this error:
>>
>> CONNECTED(00000003)
>> depth=0 CN = pengo.christine.nl
>> verify error:num=20:unable to get local issuer certificate
>> verify return:1
>> depth=0 CN = pengo.christine.nl
>> verify error:num=21:unable to verify the first certificate
>> verify return:1
>>
>> When I type
>>
>> openssl s_client -showcerts -connect pengo.christine.nl:9005 -CAfile ./chain.crt
>>
>> with chain.crt containing the root cert and intermediate cert, I get
>>
>> CONNECTED(00000003)
>> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
>> verify return:1
>> depth=1 C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA
>> verify return:1
>> depth=0 CN = pengo.christine.nl
>> verify return:1
>>
>> My Restlet configuration contains
>>
>> params.add("sslContextFactory", "org.restlet.engine.ssl.DefaultSslContextFactory");
>> params.add("keystorePath", "/home/christine/motogymkhana/pengo_ssl.jks");
>> params.add("keystorePassword", ServerConstants.keyStorePw);
>> params.add("keystoreType", "JKS");
>> params.add("keyAlias", ServerConstants.keyAlias);
>> params.add("keyPassword", ServerConstants.keyPw);
>>
>> The keystore does contain the same certificates as the chain.crt file.
>>
>> How do I make Restlet send the chain with the certificate?
>>
>> dagdag
>> Christine
>>
>>
>> --
>> dagdag is just a two character rotation of byebye
>>
>> ------------------------------------------------------
>>
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3164075
>>
>
>
> --
> dagdag is just a two character rotation of byebye
>
> ------------------------------------------------------

http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3166203
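
Added example, not part of the thread and not Restlet code: one way to check the condition raised in the reply above, that the intermediate certificates sit under the same alias as the private key. A Java key manager presents the chain stored with the key entry, so certificates imported under separate aliases are not sent to clients. The class name and the command-line arguments are assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: reports which certificates each keystore entry carries.
public class KeystoreChainCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreChainCheck <keystore.jks> <storepass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Separate trustedCertEntry aliases are not attached to the server's key.
                System.out.println(alias + ": trusted-cert entry, not part of a key's chain");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": key entry with no certificate chain");
                continue;
            }
            System.out.println(alias + ": key entry, chain length " + chain.length);
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = (X509Certificate) chain[i];
                System.out.println("  [" + i + "] " + cert.getSubjectX500Principal());
                if (i + 1 < chain.length) {
                    try {
                        cert.verify(chain[i + 1].getPublicKey()); // signed by the next entry?
                    } catch (GeneralSecurityException e) {
                        System.out.println("  WARNING: [" + i + "] is not signed by [" + (i + 1) + "]");
                    }
                }
            }
            X509Certificate last = (X509Certificate) chain[chain.length - 1];
            if (chain.length == 1 && !last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
                System.out.println("  WARNING: leaf only; issuer " + last.getIssuerX500Principal()
                        + " is missing from this alias");
            }
        }
    }
}
```

A key entry whose chain has length 1 for a CA-issued certificate means clients receive only the leaf, even when the intermediate and root are present in the same keystore under other aliases.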