Hello,
I use Sun Application Server 8.
What I intend to do: generate a new server key pair, then generate a client key pair, and export the client pair to IE & Netscape for mutual auth.
Commands I use:
Server pair:
1. keytool -genkey -keyalg rsa -keystore keystore.jks -storepass pass -alias server -dname "cn=www.myCompany.com,o=O2,ou=Ou2,L=W,C=US,S=W"
2. keytool -export -alias server -file server.cer -keystore keystore.jks -storepass pass
3. keytool -noprompt -import -v -trustcacerts -file server.cer -alias server -keystore cacerts.jks -storepass pass2
Client pair:
1. keytool -genkey -keyalg rsa -keystore keystore.jks -storepass ssaperots -alias client -dname "cn=client1,o=O2,ou=Ou2,L=W,C=US,S=W"
2. keytool -export -alias client -file client.cer -keystore keystore.jks -storepass pass
3. keytool -noprompt -import -v -trustcacerts -file client.cer -alias client -keystore cacerts.jks -storepass pass2
Now I replace domain1/config/cacerts.jks and domain1/config/keystore.jks with the new files and restart the server.
Mutual auth with JAX-RPC from the J2EE tutorial works flawlessly.
Finally I want IE & Netscape to be able to do mutual auth:
Using jstk-1.0.1 from
http://www.j2ee-security.net/book/dnldsrc/
jstk-1.0.1/bin/crypttool.sh export -keystore keystore.jks -alias client -storepass pass -outform PKCS12
I have client.p12, which I import into IE personal certificates.
I enter the secure site on the server. The server cert is OK. I choose the client1 pair for mutual auth.
Then I see in the browser: HTTP Status 403 - Access to the requested resource has been denied.
During the handshake in server.log I see:
[#|2004-06-02T01:12:42.496+0200|WARNING|j2ee-appserver1.4|org.apache.coyote.http11.Http11Processor|_ThreadID=11;|
Exception getting SSL Cert
java.net.SocketException: Socket Closed
..
a lot of stuff here
..
[at the end]
http1043-Processor3, handling exception: java.net.SocketTimeoutException: Read
I also tried an additional Java security package with JDK 1.5.0 beta to generate the PKCS12 pair.
The same error, different exceptions.
In Netscape, the same error.
Didn't try openssl yet.
Questions:
1. Did I do something wrong?
2. Is the PKCS12 file corrupted in some way?
3. Is there a tutorial on how to do this?
Thank You.