Re: complete certificate path validation

2011-07-12 Thread David Pomeroy
Hi Florian,

I'd prefer not to override the Sun provider since I am utilizing the CRL distribution point checking. This may be my only option though.

Thanks,
Dave

On Tue, Jul 12, 2011 at 12:20 AM, Florian Weimer wrote:
> * David Pomeroy:
>
> > It looks like the Sun JSSE provider does not supp

Re: complete certificate path validation

2011-07-12 Thread Florian Weimer
* David Pomeroy:

> It looks like the Sun JSSE provider does not support this
> configuration.

If you supply your own X509TrustManager implementation, I'm pretty sure you can get it to work. It definitely works if the client supplies a self-signed certificate, and I see no reason why it wouldn't

Re: complete certificate path validation

2011-07-11 Thread Xuelei Fan
On 7/12/2011 9:59 AM, David Pomeroy wrote:
> Hi Xuelei,
>
> The requirement is to keep the client certificate as small as possible.
> I'd rather not have to store the sub CA certificate on the client.
>
> I see that the server is sending a "certificate request" as part of the
> TLS handshake pro

Re: complete certificate path validation

2011-07-11 Thread David Pomeroy
Hi Xuelei,

The requirement is to keep the client certificate as small as possible. I'd rather not have to store the sub CA certificate on the client.

I see that the server is sending a "certificate request" as part of the TLS handshake protocol. The DNs of the trusted certificates are specified

Re: complete certificate path validation

2011-07-11 Thread Xuelei Fan
Hi Dave,

What are the underlying requirements that the client cannot send a full certification path? That's not the way TLS works.

You may also be interested in the post, "Best Practice: to Include the Complete Certificate Chain in the KeyStore", http://sim.ivi.co/2011/06/best-practice-to-include-

complete certificate path validation

2011-07-11 Thread David Pomeroy
Hello All,

I'm trying to figure out if a certain security configuration is supported in openJDK or not. I want to do client authentication at the server with one trusted root self-signed anchor certificate. Then I want the client to send up only a client certificate, that was issued by a subordi