asdas adfsdf wrote:
Hello,
this is what I got with client validation on.
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Thread-3, received EOFException: error
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Remote host
closed connection during handshake
Thread-3, SEND TLSv1 ALERT: fatal, description = handshake_failure
Thread-3, WRITE: TLSv1 Alert, length = 2
Thread-3, called closeSocket()
this is what I did:
#1. create self-signed certificate
keytool -genkey -alias myalias -keyalg RSA -keystore test.keystore
#2. extract in der form
keytool -export -alias myalias -keystore test.keystore -file myalias-der.crt
#3. convert the DER-encoded certificate to PEM
openssl x509 -out myalias.crt -outform pem -text -in myalias-der.crt -inform der
#4. extract the private key with ExportPriv.java
(http://mark.foster.cc/pub/java/ExportPriv.java)
javac ExportPriv.java
java ExportPriv test.keystore myalias password > myalias.key
#5. convert the private key again so it can be used with Apache
openssl rsa -in myalias.key -out privkey.key
#6. generate new server.keystore with ImportKey
(http://www.comu.de/docs/tomcat_ssl.htm)
java ImportKey myalias.key.der myalias-der.crt myalias
after doing these steps, I create a new file which contains
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MII...
-----END RSA PRIVATE KEY-----
by pasting from myalias.crt and privkey.key, and this file is used as the
client certificate.
For the Apache FTP server, I told it to use the keystore from the file
server.keystore.
I'm not sure I understand why you need to use all these steps. All you
need are a standard JKS keystore and truststore. FtpServer uses the
normal JSSE support in the JRE so I don't believe we do anything funky
(but I might be missing something).
/niklas
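The "standard JKS keystore and truststore" setup Niklas refers to, written out as an added example (this is not code from the thread, from Apache FtpServer, or from the ExportPriv/ImportKey helpers linked above). It generates the server and client key pairs directly inside JKS keystores, exchanges only the public certificates so that each side's truststore contains the other's certificate, and, for a client that wants a PEM certificate plus key like the pasted file above, converts the client keystore to PKCS#12 and lets openssl split it, so no custom Java exporter is needed. It assumes `keytool` and `openssl` are on PATH; the aliases (`ftpserver`, `ftpclient`), DNs, file names, the `tls-demo` directory and the password are made up for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from Apache FtpServer.
# Builds a JKS keystore + truststore pair for the server, a keystore +
# truststore pair for the client, and a PEM cert+key for a non-Java client.
# Assumed tools: keytool (JDK) and openssl. All aliases, DNs, file names
# and the password below are made up for the example.
set -eu

make_tls_material() {
    dir="$1"        # output directory (hypothetical, e.g. tls-demo)
    pass="$2"       # one password for every store and key, for brevity
    mkdir -p "$dir"

    # 1. Server key pair + self-signed cert, generated directly inside a JKS
    #    keystore: no DER/PEM round trip is needed on the server side.
    keytool -genkeypair -alias ftpserver -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=ftp.example.test, O=Example" -storetype JKS \
        -keystore "$dir/server.keystore" -storepass "$pass" -keypass "$pass"

    # 2. Client key pair + self-signed cert in its own keystore.
    keytool -genkeypair -alias ftpclient -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=ftp-client, O=Example" -storetype JKS \
        -keystore "$dir/client.keystore" -storepass "$pass" -keypass "$pass"

    # 3. Exchange public certificates only. The server truststore holding the
    #    client cert is what lets client validation succeed; the client
    #    truststore holding the server cert lets the client accept the server.
    keytool -exportcert -alias ftpserver -keystore "$dir/server.keystore" \
        -storepass "$pass" -file "$dir/server.cer"
    keytool -exportcert -alias ftpclient -keystore "$dir/client.keystore" \
        -storepass "$pass" -file "$dir/client.cer"
    keytool -importcert -noprompt -alias ftpclient -file "$dir/client.cer" \
        -storetype JKS -keystore "$dir/server.truststore" -storepass "$pass"
    keytool -importcert -noprompt -alias ftpserver -file "$dir/server.cer" \
        -storetype JKS -keystore "$dir/client.truststore" -storepass "$pass"

    # 4. For a client that wants PEM: convert the client keystore to PKCS#12
    #    and let openssl split out the certificate and the (unencrypted) key.
    keytool -importkeystore -noprompt -srcstoretype JKS \
        -srckeystore "$dir/client.keystore" -srcstorepass "$pass" \
        -destkeystore "$dir/client.p12" -deststoretype PKCS12 -deststorepass "$pass"
    openssl pkcs12 -in "$dir/client.p12" -passin "pass:$pass" -nokeys \
        -out "$dir/client-cert.pem"
    openssl pkcs12 -in "$dir/client.p12" -passin "pass:$pass" -nocerts -nodes \
        -out "$dir/client-key.pem"
    cat "$dir/client-cert.pem" "$dir/client-key.pem" > "$dir/client.pem"
    # The key is stored unencrypted, so restrict who can read it.
    chmod 600 "$dir/client-key.pem" "$dir/client.pem"
}

# Returns 0 when the server truststore really contains the client cert under
# the expected alias. On a handshake_failure with client authentication
# enabled this is the first thing to check.
server_trusts_client() {
    keytool -list -alias ftpclient -keystore "$1/server.truststore" \
        -storepass "$2" >/dev/null 2>&1
}

if [ "$#" -ge 1 ]; then
    make_tls_material "$1" "${2:-changeit}"
    server_trusts_client "$1" "${2:-changeit}" \
        && echo "server truststore contains the client certificate"
fi
```

Run it as `sh make-tls.sh tls-demo changeit` (the script name is assumed). Point the FtpServer listener's SSL configuration at `tls-demo/server.keystore` as the keystore and `tls-demo/server.truststore` as the truststore, with client authentication required, and give the FTP client `tls-demo/client.pem` (or `client.keystore` and `client.truststore` if the client is a Java program using JSSE). Because the truststores contain the self-signed certificates themselves, there is no CA chain to build; a certificate that is not in the peer's truststore is simply rejected, which is the behaviour you want for client validation.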