Reputation: 6198
How to verify the correctness of configuring mutual authentication (client certificate, server certificate) Java EE?
I am trying to write a simple application to understand the basics of configuring authentication based on client and server certificates.
I have done everything as it is explained in jave ee 5, java ee 6 tutorials http://docs.oracle.com/javaee/6/tutorial/doc/glien.html
- Opened example from javaee tutorials hello basicauthorization (just simple servlet which can be accessed only after authentication) and then reconfigured it for client certificates instead of basic authorizations
- Configured web.xml
- Configured glassfish-web.xml
- Generated client certificate
- Imported client certificate so that the server would trust it.
The problem:
When I deploy my application, and follow the link, corresponding to the application, I get a message from glassfish server HTTP Status 400 - No client certificate chain in this request".
So, it seems, that the client (browser) doesn't send the certificate with the request
I tried adding the .cer certificate to Chrome, firefox, internet explorer and they are added (no error is displayed), but as you see that doesn't help.
So, the question is:
How to get the access to my application through the web browser having client .cer certificate?
Upvotes: 1
Views: 2454
Answers (1)
Reputation: 6237
You can debug ssl on the server-side by adding (somewhere in Glassfish) system properties:
-Djavax.net.debug=all
see this page for details.
You can also debug from the client perspective using openssl tool:
openssl s_client -connect host:port -debug -msg
you should see something like this:
...
Acceptable client certificate CA names
/C=PL/O=company/OU=xx/CN=host/[email protected]
/C=PL/O=company/OU=xx/CN=ca/[email protected]
---
SSL handshake has read 2536 bytes and written 116 bytes
...
your problem is probably related to bad truststore configuration on the server-side - server sends some Acceptable client certificate CA names (or no at all), but browser doesn't have anything to offer - it doesn't have any private key+certificate issued by acceptable ca.
Upvotes: 1
Related Questions
- how to verify if java sends the client certificate in a mutual auth scenario
- Java HTTPS client certificate authentication
- How to do mutual SSL authentication in java
- Provided certificate and key as part of SSL handshake
- Java HTTPS Server: Mutual SSL Authentication
- how to configure mutual certificate authentication
- How to set mutual authentication using SSL in Java SE
- Java 6 HTTPS client certificate authentication
- Java Manual Client Certificate Authentication
- Java EE Certificate-Based Mutual Authentication