JSSE -- SSL with client authentication and keystore with multiple certs

 
 
John Salvo
      09-01-2003

If you have one keyStore that has multiple client certificates in it
(say one for each HTTPS webserver that requires client authentication),
how does JSSE know which one of these certificates in the keystore to
send to the server?


John Salvo
      09-05-2003
John Salvo wrote:
>
> If you have one keyStore that has multiple client certificates in it
> (say one for each HTTPS webserver that requires client authentication),
> how does JSSE know which one of these certificates in the keystore to
> send to the server?
>
>


Just as a followup ... I have found a solution:

1) The KeyStore class has a boolean variable initialized that first
needs to be true before you can call setKeyEntry(), and the only way to
set this to true is to call load().

2) Java's PKCS12 keystore implementation does not implement the store()
method. I therefore could not combine and "save" a new PKCS12 file.

3) The alternative that worked is to create a new JKS keystore using
keytool, load that in your Java program, then call setKeyEntry() for
each alias / Key / Certificate Chain that you have loaded on your
existing PKCS12 keystores ... then call store().

After that, you set up your KeyManagerFactory with the new JKS keystore,
set up an SSLContext with the KeyManagers from the KeyManagerFactory.
Then lastly, call
HttpsURLConnection.setDefaultSSLSocketFactory(
sslcontext.getSocketFactory() );

When that is done, I was able to authenticate myself to webservers that
required SSL client authentication.

Regards,

John Salvo

John Salvo
      09-07-2003
John Salvo wrote:
> John Salvo wrote:
>
>>
>> If you have one keyStore that has multiple client certificates in it
>> (say one for each HTTPS webserver that requires client authentication),
>> how does JSSE know which one of these certificates in the keystore
>> to send to the server?
>>
>>

>
> Just as a followup ... I have found a solution:
>
> 1) The KeyStore class has a boolean variable initialized that first
> needs to be true before you can call setKeyEntry(), and the only way to
> set this to true is to call load().
>
> 2) Java's PKCS12 keystore implementation does not implement the store()
> method. I therefore could not combine and "save" a new PKCS12 file.
>
> 3) The alternative that worked is to create a new JKS keystore using
> keytool, load that in your Java program, then call setKeyEntry() for
> each alias / Key / Certificate Chain that you have loaded on your
> existing PKCS12 keystores ... then call store().
>
> After that, you set up your KeyManagerFactory with the new JKS keystore,
> set up an SSLContext with the KeyManagers from the KeyManagerFactory.
> Then lastly, call
> HttpsURLConnection.setDefaultSSLSocketFactory(
> sslcontext.getSocketFactory() );
>
> When that is done, I was able to authenticate myself to webservers that
> required SSL client authentication.
>
> Regards,
>
> John Salvo
>




Alternatively, the easier way to combine your client certs is:

1) Create a new JKS keystore with keytool

2) For each of your PKCS12 files, export the key to another file

3) For each of the exported keys from the PKCS12 files, import them into
the JKS keystore.

4) Use the JKS keystore in your code

John Salvo
      09-09-2003
John Salvo wrote:
>
> Alternatively, the easier way to combine your client certs is:
>
> 1) Create a new JKS keystore with keytool
>
> 2) For each of your PKCS12 files, export the key to another file
>
> 3) For each of the exported keys from the PKCS12 files, import them into
> the JKS keystore.
>
> 4) Use the JKS keystore in your code
>


Turns out using keytool will not work ... when you export from the
PKCS12 and import into JKS, only the key, but not the certificate itself,
is added (or exported from PKCS12).

You have to do it by writing Java code.
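
The merge described in the posts above (load(), setKeyEntry() per alias, store(), then KeyManagerFactory and SSLContext), as an added example that is not part of the original thread. The class name, the command-line argument layout and the alias prefix are assumptions made for illustration; passwords are taken from the command line only to keep the example short.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical class name. Assumed usage:
//   java MergeClientCerts <jksPassword> <out.jks> <in1.p12> <p12Password1> [<in2.p12> <p12Password2> ...]
public class MergeClientCerts {
    public static void main(String[] args) throws Exception {
        char[] jksPass = args[0].toCharArray();
        KeyStore merged = KeyStore.getInstance("JKS");
        // load() must run before setKeyEntry(); a null stream creates an empty keystore.
        merged.load(null, jksPass);

        for (int i = 2; i + 1 < args.length; i += 2) {
            char[] p12Pass = args[i + 1].toCharArray();
            KeyStore p12 = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[i])) {
                p12.load(in, p12Pass);
            }
            for (String alias : Collections.list(p12.aliases())) {
                if (!p12.isKeyEntry(alias)) continue;   // skip certificate-only entries
                // Assumption: the PKCS12 key password equals its store password.
                Key key = p12.getKey(alias, p12Pass);
                Certificate[] chain = p12.getCertificateChain(alias);
                // Copy key AND chain together; prefix with the file name so aliases cannot collide.
                // All entries get the same key password because KeyManagerFactory.init() takes only one.
                merged.setKeyEntry(args[i] + ":" + alias, key, jksPass, chain);
            }
        }
        try (OutputStream out = new FileOutputStream(args[1])) {
            merged.store(out, jksPass);
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(merged, jksPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);     // null = default trust managers and RNG
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```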
