Oleg,
The client certificate authentication is configured to be optional. The
clients can either authenticate via a user certificate or via a user name /
password. I am writing an automated interface that requires client
authentication.
The way that I determine that the client certificate wasn't sent is by the
page returned in the HTTP response. If I request a particular page and get
the login page instead, I know the certificate was not sent. If I get the
requested page, I know the certificate was sent and accepted by the server.
I can validate this with IE by requesting a page without logging in. If I
have a valid client cert, I get the desired page. If not, I get the login
page. My Java program, however, always gives me the login page. I am
assuming that this is because the server is not requesting the client
certificate.
My belief at this point is that Oracle is only sending the client
certificate to browser (IE) based clients. That would explain the problem. I
have created an Oracle TAR, to see if this is an Oracle problem.
I want to make sure that no client certificate request was made. I didn't
see one looking at the log and I assume you didn't either. I expect to hear
from Oracle soon. I'll let you know what they have to say about this.
Thanks,
Dale
- Original Message -
From: Oleg Kalnichevski [EMAIL PROTECTED]
To: Commons HttpClient Project [EMAIL PROTECTED]
Sent: Saturday, September 25, 2004 2:19 PM
Subject: Re: Problems using AuthSSLProtocolSocketFactory to send
ClientCertificate in HTTPS session handshake
Dale,
Do you know if the client authentication has been configured as required
or optional? Does the server reject the connection when an attempt is made
to authenticate with an invalid certificate? The fact that IE pops up
the certificate dialog does not actually mean that the server
validates the certificate or requests a client certificate at all. I
tend to trust more the SSL log showing that the server did not request a
client certificate.
I retested the AuthSSLProtocolSocketFactory against Apache 2.0.51 with
mod_ssl one more time and everything appeared to be OK.
Oleg
On Sat, 2004-09-25 at 22:26, Dale McIntosh wrote:
I have been trying for quite a while to get the AuthSSLProtocolSocketFactory
to send a client certificate and it doesn't seem to be working. I am
wondering if the server (Oracle single sign-on server) is requesting the
client cert. When the request is made from a browser, the browser does send
the client cert. I have attached my application (it is relatively simple)
and a debug log. The debug options I used were -
javax.net.debug=ssl,handshake,keymanager.
I have looked at the debug log and I do not see a certificate request.
However, when IE is used, IE sends a client certificate.
Any help would be appreciated.
Thanks,
Dale McIntosh
__
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
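
The check discussed in this thread (does the handshake debug log contain a certificate request, and did the client answer it) can be automated. The following Python script is an added example, not code from the thread or from the HttpClient project. It assumes the `*** ...` marker lines of legacy JSSE debug output (newer JDKs log handshake messages differently); the sample log is constructed and the function names are hypothetical.

```python
import re

# Handshake markers of legacy JSSE debug output (javax.net.debug=ssl,handshake).
# Assumed format: newer JDKs print handshake messages differently.
MARKER = re.compile(r"^\*\*\* (ClientHello|ServerHello|Certificate chain|"
                    r"CertificateRequest|ServerHelloDone)\b")

# Constructed sample (not the log attached to the thread): two handshakes.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

def verdict(hs):
    if not hs["requested"]:
        return "NOT_REQUESTED"
    return "REQUESTED_CERT_SENT" if hs["sent"] else "REQUESTED_NO_CERT"

def client_cert_outcomes(log_text):
    """Return one verdict per handshake (each ClientHello starts a new one)."""
    handshakes, hs, last = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MARKER.match(line)
        if m:
            last = m.group(1)
            if last == "ClientHello":
                hs = {"requested": False, "done": False, "sent": False}
                handshakes.append(hs)
            elif hs is not None and last == "CertificateRequest":
                hs["requested"] = True
            elif hs is not None and last == "ServerHelloDone":
                hs["done"] = True
        elif line.startswith("***"):
            last = None  # any other handshake message closes a chain block
        elif hs and hs["done"] and last == "Certificate chain" and line.startswith("chain ["):
            hs["sent"] = True  # non-empty chain after ServerHelloDone is the client's
    return [verdict(h) for h in handshakes]

if __name__ == "__main__":
    print(client_cert_outcomes(SAMPLE_LOG))
```

A `NOT_REQUESTED` verdict means the server never asked for a certificate in that handshake, while `REQUESTED_NO_CERT` means it asked and the client's key manager supplied an empty chain.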