Reputation: 12490
Java certificate based authentication
I have a thrift endpoint that someone created who is not longer with our company. They implemented the authentication via client side certs, but I having a hard time wrapping my head around how it all works. Does anyone know of a tutorial, or howto on this topic.
All I really have is a sample client class. Here are a list of things that I need help with:
- Can a server cert and the client cert both be contained in the same trust store
- How do you create a new client side cert?
- How do you add that client side cert to the server trust store?
- Do you need to set the client trust store, and set the java trust (assuming the server is a self signed endpoint)
What does the following error mean?
ERROR[com.cada.CadaDaoTest][main] - Error: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Upvotes: 0
Views: 2998
Answers (1)
Reputation: 597432
The truststore (on Tomcat it's configured forthe SSL connector in server.xml) can hold the root of the certificate chain of the client certificate, not the certificate itself. That is, when a certificate is created, it is signed by a CA - certificate authority. If the CA cert is trusted, all certs singed by the CA are trusted as well.
You can create certificates using either keytool (in jdk/bin/) or openssl. There are GUIs for that, like portecle.
The tomcat ssl tutorial might be helpful.
Upvotes: 1
Related Questions
- Java HTTPS client certificate authentication
- SSL Certificate Verification in Java
- Java and SSL certificates
- How to do basic http authentication in JAVA with login credentials and ssl certificate?
- Java 6 HTTPS client certificate authentication
- Certificate based authentication
- Java SSL Certificate
- Java SSL communication
- SSL authentication in Java as Server/client model
- Self signed Certificate Based Authentication