Explore our sites

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 2 down vote favorite

For secure server sockets in order to send the server certificate, all I do is initialize SSLContext with a KeyManagerFactory.getKeyManagers() that has been initialized with my keystore.
But how can I do this in client side?
I.e. for client I do:

System.setProperty("javax.net.ssl.keyStore", "clientKeystore.keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "secret");
System.setProperty("javax.net.ssl.trustStore", "clientKeystore.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 7890);

I use the same keystore as trust store. I assume that just for looking arround JSSE it is ok.
Problem is that I get in the server part (I have setNeedClientAuth in the serversocket to true). 

Exception in thread "main" javax.net.ssl.SSLHandshakeException: null cert chain

So how am I supposed to configure the client side to send a certificate?Isn't the system properties a correct approach?
Because I do not see how the SSLContext can be used in client side.

Thank you!

share|improve this question
 
Is that error in the client or the server code? –  GregS Feb 7 '11 at 1:19
 
@GregS:This is the exception in the server code.In the client code I get Exception in thread "main" java.net.SocketException: Software caused connection abort: recv failed –  Cratylus Feb 7 '11 at 17:19
add comment

1 Answer

up vote 0 down vote

You do not have to set a specific configuration on the client side to use a certificate for authentication. Maybe some intermediate CAs are missing in the keystore, and the client is not able to build a certificate path from the trust anchor sent by the server and therefore cannot determine if the certificate is suitable for authentication.

You can add the system property javax.net.debug to all to print the debug stream on the standard output. Maybe you can get more information on the error.

share|improve this answer
 
May be it is my misunderstanding here:I have set in the client jvm as system properties the keystore,trustore both pointing to the same keystore that the server is using.This keystore/truststore contains just 1 certificate I created (self-signed).I assume that the server and client both exchange the same certificate.This would cause an issue? –  Cratylus Feb 7 '11 at 17:28
 
@user384706 The client's truststore has to trust the server's keystore. If you are using client authentication the reverse is also true. Using the same files at both server and client doesn't make any sense whatsoever from any point of view and especially from the security point of view. The server's keystore contains the server's private key and should not appear anywhere else in the universe. Otherwise you cannot trust the server's identity as established by the handshake. –  EJP Jun 4 '12 at 0:57
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.