I'm assuming the the certificate I'm using is the server certificate. And the reason is as follows:
We have received a myCertificate.p12 file to be installed on our side. I've installed the same and when I hit the URL through IE it brings up the list of certificates which can be used to authenticate us as a valid entity allowed to access the web services. Here when I selected the installed "myCertificate" it allows me to go in and see the web services.
I've used this installed "myCertificate" in the internet explorer to export it into "myCertificate.cer" and import this ".cer" into "myCertificate.keystore" and use this keystore file for all further secure communication.
When I try to hit their web services using this "myCertificate.keystore" file, I can see the CN name is *different* for "myCertificate.cer" which is imported into "myCertificate.keystore" and does not match with any of the CN names that come from the server in the certificate chain.
My question is, if this might cause a problem, how come internet explorer is able to resolve and able to present me as a valid host to the server, whereas my java client program is not able to do the same?
Thanks in advance Srikrishna
From: Tom Oinn <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: using certificate to access wsdl file Date: Tue, 18 May 2004 20:42:24 +0100
Hi,
I believe your problem is that the certificate is a client one. The only time I've seen that error was when we were missing a server certificate - the one that is used to authenticate the server rather than the one used to authenticate the client. The certificate that, say, IE asks you whether you want to install when you visit a https URL is a server certificate.
I'm guessing this based on the command line 'client.cer' reference. Try with the server certificate in your keystore and see if the error is still there, if it is then double check the certificate (certificate CN should be equal to the hostname IIRC but you can get around that sometimes by munging the hosts file on your client... hack hack hack)
HTH,
Tom
_________________________________________________________________
Get 200+ ad-free, high-fidelity stations and LIVE Major League Baseball Gameday Audio! http://radio.msn.click-url.com/go/onm00200491ave/direct/01/
