Have you checked out this technote?  http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19298  It might be similar.

 

Matt

 


From: flexcoders@yahoogroups.com [mailto:flexcoders@yahoogroups.com] On Behalf Of colinblackmore
Sent: Monday, July 11, 2005 2:30 PM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Flex client not passing client certificate to server

 

I am attempting to use client certificates as the authentication
mechanism over an SSL connection. 

The server (Tomcat 5.5) is configured to require all connections be
accompanied with a valid client certificate.  As far as the browser
and server are concerned, this works fine.  The mxml file is requested
by the browser, the server challenges the browser for a client
certificate, which it receives, and the mxml file is retrieved and
displayed correctly.  So far, so good.

The problem is that any subsequent HTTPS requests from the flex client
(NOTE: the flex client, NOT the browser) do not contain the client
certificate. 

The 'http-service-proxy-debug' log states:

07/11 17:09:04 ERROR %%500%%Software caused connection abort: recv failed
07/11 17:09:04 ERROR -- GET status: 500, target: https://localhost:8443/mtx-dx-test/GetUserRoles.do?includeRoles=manager&excludeRoles=

Setting the JVM option '-Djavax.net.debug=ssl:handshake', std out
states:

*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=XYZ, O=ABC, C=US>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret:  { 3, 1, 98, 222, 236, 8, 188, 11, 125, 15, 19, 82,
146, 121, 7, 125, 112, 90, 106, 20, 52, 112, 243, 205, 233, 196, 212,
228, 50, 46, 93, 138, 215, 219, 156, 75, 41, 133, 252, 66, 27, 255,
165, 240, 240, 115, 141, 50 }
http-8443-Processor24, WRITE: TLSv1 Handshake, length = 141
http-8443-Processor23, READ: TLSv1 Handshake, length = 141
*** Certificate chain
***
http-8443-Processor23, SEND TLSv1 ALERT:  fatal, description = bad_certificate
http-8443-Processor23, WRITE: TLSv1 Alert, length = 2
http-8443-Processor23, called closeSocket()
http-8443-Processor23, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
http-8443-Processor23, called close()
http-8443-Processor23, called closeInternal(true)

Relaxing the server configuration to not require client certificates
fixes the problem, so it appears fairly clear that the client
certificate is not being managed correctly by flex.

Is there a flex-config.xml option I am missing?  Is this a supported
configuration?

Thanks in advance.

...Col




--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
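
Added example, not part of the original thread: a small Python checker for the ssl:handshake trace format quoted above. It flags a handshake in which a CertificateRequest was sent and the Certificate chain block that follows is empty. The sample traces are constructed, and the "chain [0] = [" line for a non-empty chain is an assumption about the JSSE debug format.

```python
import re

# Constructed samples (not captured output); the "chain [n] = [" entry is an assumed format.
SAMPLE_EMPTY = """\
*** CertificateRequest
Cert Authorities:
<CN=XYZ, O=ABC, C=US>
*** ServerHelloDone
*** Certificate chain
***
http-8443-Processor23, SEND TLSv1 ALERT:  fatal, description =
bad_certificate
"""
SAMPLE_OK = """\
*** CertificateRequest
Cert Authorities:
<CN=XYZ, O=ABC, C=US>
*** Certificate chain
chain [0] = [
***
"""

def analyze(trace):
    """Summarise client-certificate handling in an ssl:handshake trace."""
    lines = [l.strip() for l in trace.splitlines()]
    out = {"requested": False, "accepted_cas": [], "empty_chains": 0, "chain_entries": 0}
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("*** CertificateRequest"):
            out["requested"] = True
        elif line == "Cert Authorities:":
            # Acceptable issuer DNs follow, one per line, wrapped in <...>.
            while i + 1 < len(lines) and lines[i + 1].startswith("<"):
                i += 1
                out["accepted_cas"].append(lines[i].strip("<>"))
        elif line.startswith("*** Certificate chain"):
            # Count chain entries up to the next "***" marker; zero means empty.
            n = 0
            while i + 1 < len(lines) and not lines[i + 1].startswith("***"):
                i += 1
                n += bool(re.match(r"chain \[\d+\] = ", lines[i]))
            out["chain_entries"] += n
            out["empty_chains"] += n == 0
        i += 1
    # Alert text may wrap across lines in mailed logs, so match over the whole trace.
    out["alerts"] = re.findall(r"ALERT:\s+(\w+), description =\s+(\w+)", trace)
    out["client_sent_no_cert"] = out["requested"] and out["empty_chains"] > 0
    return out
```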




