Reputation: 7894
Is there an easy way to check whether two .p12 files, one for a server and one for a client, should be mutually acceptable to each other for an SSL handshake with authorization (including client authorization) required on both sides? Each of these .p12 files contains both trust managers and key managers.
In particular, what would cause an error like this on the server side?
SEND TLSv1 ALERT: fatal, description = bad_certificate
WRITE: TLSv1 Alert, length = 2
called closeSocket()
handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
Upvotes: 1
Views: 1913
Reputation: 269847
No, there's no easy way, because mutual acceptability depends on the configuration of the client and server, and that goes way beyond the certificates they use.
For example, certificates have a "policy" which identifies the practices and policies under which they were issued. Each party can have local configuration that includes a set of acceptable policies. There are many other examples.
Upvotes: 1
Reputation: 14160
In the TLS handshake, the client first verifies the server's certificate it received and afterwards, depending on the certificate algorithm and other parameters, sends its own. In your situation it seems that the server received the client's certificate and denied it, probably because of an empty certificate chain (i.e. the client's certificate is self-signed?).
Upvotes: 3
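A certificate-level cross-check of the two stores, as an added example that is not part of the original posts: it tests whether each side's key-entry chain validates against the other side's trusted certificate entries, which is necessary but, as the first answer notes, not sufficient for a successful handshake. The class name, the command-line arguments and the choice to skip revocation checking are assumptions of this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class P12CrossCheck {
    static KeyStore load(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, password.toCharArray()); }
        return ks;
    }

    // Validate each key entry's chain in 'presenter' against the trusted
    // certificate entries of 'verifier' (assumed to be that side's trust anchors).
    static void check(String label, KeyStore presenter, KeyStore verifier) throws Exception {
        Set<TrustAnchor> trust = new HashSet<>();
        for (String alias : Collections.list(verifier.aliases()))
            if (verifier.isCertificateEntry(alias))
                trust.add(new TrustAnchor((X509Certificate) verifier.getCertificate(alias), null));
        if (trust.isEmpty()) {
            System.out.println(label + ": verifier store has no trusted certificate entries");
            return;
        }
        PKIXParameters params = new PKIXParameters(trust);
        params.setRevocationEnabled(false); // offline check: no CRL/OCSP lookup (assumption)
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String alias : Collections.list(presenter.aliases())) {
            if (!presenter.isKeyEntry(alias)) continue;
            Certificate[] chain = presenter.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(label + " [" + alias + "]: key entry has no certificate chain");
                continue;
            }
            try {
                // PKIX validation: signatures, validity dates, CA constraints, anchor match
                CertPath path = cf.generateCertPath(Arrays.asList(chain));
                CertPathValidator.getInstance("PKIX").validate(path, params);
                System.out.println(label + " [" + alias + "]: chain validates");
            } catch (CertPathValidatorException e) {
                System.out.println(label + " [" + alias + "]: rejected, " + e.getMessage());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java P12CrossCheck server.p12 serverPass client.p12 clientPass
        KeyStore server = load(args[0], args[1]), client = load(args[2], args[3]);
        check("client chain vs server trust", client, server);
        check("server chain vs client trust", server, client);
    }
}
```

A clean result here only rules out a broken or untrusted chain; protocol versions, cipher suites, key usage and policy settings on each side are outside what the two files can show.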