Java SSL client and IIS 5.0 server problem

P

prakash

HI,

I have a problem using JAVA client to do SSL mutual authentication
with IIS web server. MS was not able to figure out the problem,
thought java experts will be able to solve this.

I have IIS 5.0 running on windows 2000 machine with SSL enabled, and
"client certificate required" enabled.

I have the root CA and the intermediate Ca certificate installed on
the machine store of the IIS machine. No problem with those things.

I have a p12 file (with private key and certificate from a CA) which I
am using in java client code to connect to IIS web server.

The SSL handshke process goes well wihtout any problem, but after that
IIS server rejects connecting with error code 403.7, whihc tell the
the java client is not sending the client certificate. When I did
tracing, I could see that IIS server when asking for client
certificate from java client, sends only the root ca certificates, not
the intermediate ca certificates. Java client has certificates issued
by intermediate CA, so it does not send any certificate to IIS web
server.

The same java client works fine with Iplanet web server.
The same IIS web server works well with IE, netscape browsers with
same configuration.

Has anyone come across this situation. Any help would be greatly
appreciated.

FYI: here is the code snippet

System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", "E:/examples/ssl/p12
file name");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "password to
key store");
System.setProperty("javax.net.ssl.trustStore","D:/JBuilder9/jdk1.4/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword",
"changeit");
System.setProperty("https.protocols", "SSLv3");
System.setProperty("javax.net.debug", "all");

URL SSL_URL = new URL("url to web server");
URLConnection con = SSL_URL.openConnection();
((HttpURLConnection)con).setRequestMethod( "POST");

Thanks a lot.
Smiley
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,982
Messages
2,570,190
Members
46,740
Latest member
AdolphBig6

Latest Threads

Top