P
prakash
HI,
I have a problem using JAVA client to do SSL mutual authentication
with IIS web server. MS was not able to figure out the problem,
thought java experts will be able to solve this.
I have IIS 5.0 running on windows 2000 machine with SSL enabled, and
"client certificate required" enabled.
I have the root CA and the intermediate Ca certificate installed on
the machine store of the IIS machine. No problem with those things.
I have a p12 file (with private key and certificate from a CA) which I
am using in java client code to connect to IIS web server.
The SSL handshke process goes well wihtout any problem, but after that
IIS server rejects connecting with error code 403.7, whihc tell the
the java client is not sending the client certificate. When I did
tracing, I could see that IIS server when asking for client
certificate from java client, sends only the root ca certificates, not
the intermediate ca certificates. Java client has certificates issued
by intermediate CA, so it does not send any certificate to IIS web
server.
The same java client works fine with Iplanet web server.
The same IIS web server works well with IE, netscape browsers with
same configuration.
Has anyone come across this situation. Any help would be greatly
appreciated.
FYI: here is the code snippet
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", "E:/examples/ssl/p12
file name");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "password to
key store");
System.setProperty("javax.net.ssl.trustStore","D:/JBuilder9/jdk1.4/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword",
"changeit");
System.setProperty("https.protocols", "SSLv3");
System.setProperty("javax.net.debug", "all");
URL SSL_URL = new URL("url to web server");
URLConnection con = SSL_URL.openConnection();
((HttpURLConnection)con).setRequestMethod( "POST");
Thanks a lot.
Smiley
I have a problem using JAVA client to do SSL mutual authentication
with IIS web server. MS was not able to figure out the problem,
thought java experts will be able to solve this.
I have IIS 5.0 running on windows 2000 machine with SSL enabled, and
"client certificate required" enabled.
I have the root CA and the intermediate Ca certificate installed on
the machine store of the IIS machine. No problem with those things.
I have a p12 file (with private key and certificate from a CA) which I
am using in java client code to connect to IIS web server.
The SSL handshke process goes well wihtout any problem, but after that
IIS server rejects connecting with error code 403.7, whihc tell the
the java client is not sending the client certificate. When I did
tracing, I could see that IIS server when asking for client
certificate from java client, sends only the root ca certificates, not
the intermediate ca certificates. Java client has certificates issued
by intermediate CA, so it does not send any certificate to IIS web
server.
The same java client works fine with Iplanet web server.
The same IIS web server works well with IE, netscape browsers with
same configuration.
Has anyone come across this situation. Any help would be greatly
appreciated.
FYI: here is the code snippet
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", "E:/examples/ssl/p12
file name");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "password to
key store");
System.setProperty("javax.net.ssl.trustStore","D:/JBuilder9/jdk1.4/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword",
"changeit");
System.setProperty("https.protocols", "SSLv3");
System.setProperty("javax.net.debug", "all");
URL SSL_URL = new URL("url to web server");
URLConnection con = SSL_URL.openConnection();
((HttpURLConnection)con).setRequestMethod( "POST");
Thanks a lot.
Smiley