Hello everybody,

We use Webtest for a Java application requiring client authentication with a client certificate. The whole process is set up correctly, at least from my limited understanding of the issue, and it is running with R_1804. Now we want to upgrade to R_1812, because we have some issues with JavaScript and would like to see if the new release can handle them. Unfortunately, R_1812 doesn't seem to send the client certificate to the server.

Configuration:
- keystore-client.jks containing the client's key
- truststore-client.jks containing the server's certificate and the chain to the root CA
- keystore-server.jks containing the server's key
- truststore-server.jks containing the client's certificate and the chain to the root CA

Run with R_1804: Basically runs, but with lots of JavaScript errors.

Run with R_1812:
DEBUG [wire] << "HTTP/1.1 403 A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).

I don't think the problem lies on the server side, as the tests run in principle with R_1804 and the application can be accessed if I point my browser to it and show the certificate we use for our web tests.

Do you have any hints about how Webtest needs to be configured in order to get Client Authentication running with R_1812?

Your help is very much appreciated.

Best regards,
Stefan

And, at last, the trace, truncated for readability:

[...]
trigger seeding of SecureRandom
done seeding SecureRandom
[INFO] Started Jetty Server
matching alias: localhost
[...]
11:37:43,914 DEBUG [DefaultClientConnectionOperator] Connecting to localhost:9443
15582013@qtp-33156000-0 - Acceptor0 [email protected]:9443, setSoTimeout(60000) called
11137488@qtp-33156000-2, READ: SSL v2, contentType = Handshake, translated length = 73
*** ClientHello, TLSv1
RandomCookie: GMT: 1306843511 bytes = { 56, 196, 206, 0, 111, 73, 134, 118, 8, 160, 247, 69, 106, 117, 103, 76, 5, 14, 88, 150, 126, 24, 1, 127, 89, 72, 180, 1 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1306843511 bytes = { 52, 169, 220, 150, 8, 25, 141, 5, 48, 35, 251, 38, 154, 99, 195, 154, 146, 158, 201, 202, 0, 49, 137, 26, 82, 193, 244, 169 }
Session ID: {78, 229, 217, 119, 73, 113, 217, 152, 22, 39, 138, 111, 136, 138, 75, 153, 88, 82, 203, 175, 246, 208, 222, 229, 202, 78, 162, 83, 64, 103, 18, 203}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost, OU=xyz.com, O=Servers, L=London, ST=London, C=GB
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 108179520582626822638263617848905027511161983397035334859586617940396503275226297314419112641429673772815414154588185689450086794418126380116469876447746116876526529296927698475792482523613734425774095991267658995448239701473099823977872960073463698471939264453180732791079663625225376172627320425821382416099
  public exponent: 65537
  Validity: [From: Wed Jan 19 13:32:08 CET 2011, To: Fri Jan 18 13:32:08 CET 2013]
  Issuer: OU=xyz SubCA6, O=xyz.com
  SerialNumber: [ 0173a1]
]
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
chain [1] = [
[
  Version: V3
  Subject: OU=xyz SubCA6, O=xyz.com
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 2048 bits
  modulus: 21077179614980924552855547926845795082503734962648615738374707564394966771312487699344668730631450906054002105218090582799476155617105906711105854391477692983426765905285481004581815097457749138965413226194802444891334213260154330388969319371638451935786431474020328288795926093886156602391468417274716885691388701694666218335304910071020802195863670908856712216966723423610875601275038947993478888330783293320280090417025936486552048706050451547170489848081911307807776799405983928074385716345769457327635540581499808253060786405830073574096180165205179031691973127115275108578539472757566984943643155472507783162351
  public exponent: 65537
  Validity: [From: Mon Oct 27 17:31:04 CET 2008, To: Sun Oct 27 17:31:04 CET 2013]
  Issuer: OU=xyz.com Root CA, O=xyz.com
  SerialNumber: [ 0b]
]
Finalizer, WRITE: TLSv1 Alert, length = 2
chain [2] = [
[
  Version: V3
  Subject: OU=xyz.com Root CA, O=xyz.com
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 2048 bits
  modulus: 25044731012054645282617997587135108698221091449946114046965559409838353964603378893947190416649335671787115486301258240601119549460512507214213349309463747555130118623321803608778625008929468277426351567138634928886111370594014445909773807561246229952264996153215096847999657351678255661535577755892764953105218210180109130655895296582874388666225205057529302011092669389985743983002852428541926068473665396990966701377299066260745791087063571689460764459861960684953434847745337983185780406938492832264833331532126794763886678707290293547890427336915794820137224506816880965027470649206975301006854620635705104491821
  public exponent: 65537
  Validity: [From: Thu Feb 01 12:28:27 CET 2001, To: Tue Feb 02 12:28:27 CET 2016]
  Issuer: OU=xyz.com Root CA, O=xyz.com
  SerialNumber: [ 00]
]
***
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<OU=xyz SubCA6, O=xyz.com>
<CN=g-hm-testuser-dev, OU=people, O=xyz.com>
<OU=xyz.com Root CA, O=xyz.com>
*** ServerHelloDone
11137488@qtp-33156000-2, WRITE: TLSv1 Handshake, length = 3153
11137488@qtp-33156000-2, READ: TLSv1 Handshake, length = 141
*** Certificate chain
***
RSA PreMasterSecret version: TLSv1
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 168, 147, 30, 214, 196, 68, 30, 168, 72, 187, 203, 126, 95, 236, 0, 99, 112, 166, 185, 35, 182, 232, 232, 129, 193, 134, 42, 196, 183, 31, 71, 47, 170, 109, 34, 80, 242, 154, 164, 52, 88, 236, 178, 67, 79, 14 }
11137488@qtp-33156000-2, READ: TLSv1 Change Cipher Spec, length = 1
11137488@qtp-33156000-2, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 22, 109, 13, 249, 189, 223, 15, 199, 104, 110, 189, 65 }
***
11137488@qtp-33156000-2, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 210, 22, 171, 134, 233, 234, 125, 59, 47, 47, 106, 168 }
***
11137488@qtp-33156000-2, WRITE: TLSv1 Handshake, length = 32
%% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
11:37:44,039 DEBUG [RequestAddCookies] CookieSpec selected: mine
11:37:44,039 DEBUG [RequestAuthCache] Auth cache not set in the context
11:37:44,039 DEBUG [DefaultHttpClient] Attempt 1 to execute request
11:37:44,039 DEBUG [DefaultClientConnection] Sending request: GET /index.html HTTP/1.1
11:37:44,039 DEBUG [wire] >> "GET /index.html HTTP/1.1[\r][\n]"
11:37:44,039 DEBUG [wire] >> "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)[\r][\n]"
11:37:44,039 DEBUG [wire] >> "Accept-Language: en-us,en;q=0.5[\r][\n]"
11:37:44,039 DEBUG [wire] >> "Accept: */*[\r][\n]"
11:37:44,039 DEBUG [wire] >> "Host: localhost:9443[\r][\n]"
11:37:44,039 DEBUG [wire] >> "Connection: Keep-Alive[\r][\n]"
11:37:44,039 DEBUG [wire] >> "[\r][\n]"
11:37:44,039 DEBUG [headers] >> GET /index.html HTTP/1.1
11:37:44,039 DEBUG [headers] >> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
11:37:44,039 DEBUG [headers] >> Accept-Language: en-us,en;q=0.5
11:37:44,039 DEBUG [headers] >> Accept: */*
11:37:44,039 DEBUG [headers] >> Host: localhost:9443
11:37:44,039 DEBUG [headers] >> Connection: Keep-Alive
11137488@qtp-33156000-2, READ: TLSv1 Application Data, length = 196
11137488@qtp-33156000-2, WRITE: TLSv1 Application Data, length = 357
11137488@qtp-33156000-2, WRITE: TLSv1 Application Data, length = 1741
11:37:44,054 DEBUG [wire] << "HTTP/1.1 403 A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).[\r][\n]"
11:37:44,054 DEBUG [wire] << "Content-Type: text/html; charset=iso-8859-1[\r][\n]"
11:37:44,070 DEBUG [wire] << "Cache-Control: must-revalidate,no-cache,no-store[\r][\n]"
11:37:44,070 DEBUG [wire] << "Content-Length: 1725[\r][\n]"
11:37:44,070 DEBUG [wire] << "Server: Jetty(6.1.24)[\r][\n]"
11:37:44,070 DEBUG [wire] << "[\r][\n]"
11:37:44,070 DEBUG [DefaultClientConnection] Receiving response: HTTP/1.1 403 A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).
11:37:44,070 DEBUG [headers] << HTTP/1.1 403 A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).
[...]

_______________________________________________
WebTest mailing list
[email protected]
http://lists.canoo.com/mailman/listinfo/webtest


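Added example, not part of the original post: one way to check a JSSE debug trace like the one above for the client-certificate step. It finds the CertificateRequest message and counts the chain entries in the first Certificate message that follows it; the function names and the sample trace are constructed for illustration (the DNs are taken from the post, the thread name "qtp-2" is made up).

```python
import re

# Constructed sample in the style of the javax.net.debug trace in the post.
SAMPLE_TRACE = """\
*** Certificate chain
chain [0] = [
[
  Subject: CN=localhost, OU=xyz.com, O=Servers, L=London, ST=London, C=GB
  Issuer: OU=xyz SubCA6, O=xyz.com
]
***
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<OU=xyz SubCA6, O=xyz.com>
<OU=xyz.com Root CA, O=xyz.com>
*** ServerHelloDone
qtp-2, READ: TLSv1 Handshake, length = 141
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

def analyze_client_auth(trace):
    """Summarise the client-authentication part of a JSSE handshake trace."""
    result = {"requested": False, "authorities": [], "client_chain_len": None}
    # Every handshake message starts with "***", so splitting on it works
    # whether the trace kept its line breaks or was flattened to one line.
    for seg in (s.strip() for s in trace.split("***")):
        if seg.startswith("CertificateRequest"):
            result["requested"] = True
            result["authorities"] = re.findall(r"<([^<>]+)>", seg)
        elif (seg.startswith("Certificate chain") and result["requested"]
              and result["client_chain_len"] is None):
            # The first Certificate message after the request is the client's.
            result["client_chain_len"] = len(re.findall(r"chain \[\d+\] = \[", seg))
    return result

def verdict(trace):
    """Turn the analysis into a one-line finding."""
    r = analyze_client_auth(trace)
    if not r["requested"]:
        return "server did not request a client certificate"
    if r["client_chain_len"] is None:
        return "no client Certificate message after the request"
    if r["client_chain_len"] == 0:
        return "client answered with an empty certificate chain"
    return "client sent %d certificate(s)" % r["client_chain_len"]
```

The authorities list returned by analyze_client_auth() can be compared with the issuer of the key entry in keystore-client.jks, since a client typically only offers a certificate issued by one of the advertised CAs.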