Secure Sockets and Mutual Authentication

I am trying to support a colleague with a particular problem.

He has posted a more technical question elsewhere on this forum, but I
was wondering if I ask the question in a non-technical way, others may
get a better understanding of what we're trying to do.

Using JDK 6 (embedded JSSE) we need some code that can set up an SSL
socket for an HTTPS connection where BOTH server and client
certificates can be exchanged.

We have tried all sorts of things, but I wonder if someone out there
has a code fragment we can look at which is known to work.
Reply dave 10/15/2008 12:49:51 PM

dave.clarke@reflective.com wrote:

> Using JDK 6 (embedded JSSE) we need some code that can set up an SSL
> socket for an HTTPS connection where BOTH server and client
> certificates can be exchanged.
> 
> We have tried all sorts of things, but I wonder if someone out there
> has a code fragment we can look at which is known to work.

For SSLServerSockets, you just need a flag to request the client
certificate during the handshake:

http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLSocket.html#setNeedClientAuth(boolean)

The client certificate can be retrieved from the SSLSession after the
handshake.

It is up to the server to request the client certificate, i.e. if you're
working on a client, I don't think that you can send your certificate to
the server on your own in an SSL-compliant way if the server didn't
request it.

Ronny
Reply Ronny 10/15/2008 2:15:11 PM
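
The server-side flag and the SSLSession lookup described in the reply above, as an added example that is not part of the original thread. The four keystore file names and the password are assumptions (stores created beforehand with keytool, each side trusting the other's certificate).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class MutualTlsDemo {
    // Assumed: placeholder password shared by all four keystore files named in main().
    static final char[] PW = "changeit".toCharArray();
    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try { ks.load(in, PW); } finally { in.close(); }
        return ks;
    }

    // Context that presents the private key in keyPath and trusts the certificates in trustPath.
    static SSLContext context(String keyPath, String trustPath) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyPath), PW);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustPath));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        final SSLServerSocket server = (SSLServerSocket) context("server.jks", "server-trust.jks")
                .getServerSocketFactory().createServerSocket(0);
        server.setNeedClientAuth(true); // handshake fails unless the client sends a trusted certificate
        new Thread(new Runnable() {
            public void run() {
                try {
                    SSLSocket s = (SSLSocket) server.accept();
                    // getSession() completes the handshake; the client chain is then available.
                    X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
                    System.out.println("client: " + peer.getSubjectX500Principal());
                    s.getOutputStream().write(1); // tell the client it was accepted
                    s.close();
                } catch (Exception e) { e.printStackTrace(); }
            }
        }).start();
        SSLSocket client = (SSLSocket) context("client.jks", "client-trust.jks")
                .getSocketFactory().createSocket("localhost", server.getLocalPort());
        client.startHandshake(); // the client certificate is sent only because the server asked
        System.out.println("accepted: " + (client.getInputStream().read() == 1));
        client.close();
        server.close();
    }
}
```

A plain SSLSocket does not compare the server certificate against the host name by itself; HttpsURLConnection adds that check on top of the socket.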


On 15 Oct, 15:15, Ronny Schuetz <Usenet....@gishpuppy.com> wrote:
> dave.cla...@reflective.com wrote:
> > Using JDK 6 (embedded JSSE) we need some code that can set up an SSL
> > socket for an HTTPS connection where BOTH server and client
> > certificates can be exchanged.
>
> > We have tried all sorts of things, but I wonder if someone out there
> > has a code fragment we can look at which is known to work.
>
> For SSLServerSockets, you just need a flag to request the client
> certificate during the handshake:
>
> http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLSocket.html#se...)
>
> The client certificate can be retrieved from the SSLSession after the
> handshake.
>
> It is up to the server to request the client certificate, i.e. if you're
> working on a client, I don't think that you can send your certificate to
> the server on your own in an SSL-compliant way if the server didn't
> request it.
>
> Ronny

Hi Ronny

Thanks for your reply. We have now solved this problem.

It seems as if when authenticating clients, you can't give a keystore
to the SSLSocket, you have to give a specific certificate.

We also made one or two other simple errors which were relatively easy
to track down.

Thanks for taking the trouble to reply.

All the very best

Dave
Reply dave 10/17/2008 8:10:53 AM
