Hello,
It is now the 3rd day since I started working on having mutual SSL auth on
xfire. I succeeded at the beginning, but when I created the
certificates/keystores again it stopped working. All the time I get the
exception:
2007-05-10 00:33:09 org.codehaus.xfire.transport.http.HttpChannel sendViaClient
SEVERE: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
I think the configuration of the server and client is OK. I can send
it tomorrow, as well as the client debug messages, if we don't find an
answer. For now I'd only like to send the commands I ran in order to
get the server keystore and the client one. Maybe there is an obvious
error in there which you can find.
I also tried converting the certificates to DER format. That doesn't
work either.
If you have any working example of mutual SSL auth with keystores (can
be in 'plain' Java) I'd be thankful if you sent it; that can help me to
debug my program.
Greetings
Michael Dyrda
---
* Create a server keystore
keytool -genkey -alias server -keystore server.jks -storepass keypass -keypass keypass -dname "cn=Server"
* Create certificate signing request to Certificate Authority
keytool -certreq -keystore server.jks -alias server -file server.csr -storepass keypass
* Signing the request
openssl x509 -req -in server.csr -out server.pem -CA wampCA/cacert.pem -CAkey wampCA/private/cakey.pem -CAcreateserial -days 365 -outform PEM
* Import CA root certificate
keytool -import -alias root -keystore server.jks -file wampCA/cacert.pem -storepass keypass -noprompt
* Import server signed certificate
keytool -import -alias server -file server.pem -keystore server.jks -storepass keypass
* Create a client keystore
keytool -genkey -alias client -keystore clientStore.jks -storepass keypass -keypass keypass -dname "cn=Client"
* Create certificate signing request to Certificate Authority
keytool -certreq -keystore clientStore.jks -alias client -file client.csr -storepass keypass
* Signing the request
openssl x509 -req -in client.csr -out client.pem -CA wampCA/cacert.pem -CAkey wampCA/private/cakey.pem -CAcreateserial -days 365 -outform PEM
* Import CA root certificate
keytool -import -alias root -keystore clientStore.jks -file wampCA/cacert.pem -storepass keypass -noprompt
* Import server signed certificate
keytool -import -alias client -file client.pem -keystore clientStore.jks -storepass keypass
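
Added example, not part of the original post and not XFire code: a plain-Java check that loads the two keystores produced by the commands above, prints the certificate chain length under each key alias, and runs a mutual TLS handshake between them on localhost. The class name MutualTlsCheck is hypothetical; the file names, aliases and password are the ones used in the post, and the program assumes it is run from the directory holding both keystores.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public class MutualTlsCheck {
    // Key and trust material both come from the one keystore, as built by the commands above.
    static SSLContext context(String path, String alias, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        // null: alias holds no private key; 1: usually still the self-signed cert from -genkey; 2: signed cert + CA root.
        java.security.cert.Certificate[] chain = ks.getCertificateChain(alias);
        System.out.println(path + " alias '" + alias + "' chain length: " + (chain == null ? "none" : chain.length));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // trusts the 'root' entry imported from wampCA/cacert.pem
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "keypass".toCharArray();
        SSLContext serverCtx = context("server.jks", "server", pass);
        SSLContext clientCtx = context("clientStore.jks", "client", pass);
        try (SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0)) {
            listener.setNeedClientAuth(true); // reject clients that present no acceptable certificate
            listener.setSoTimeout(5000);      // do not wait forever if the client never connects
            Thread server = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) listener.accept()) {
                    s.startHandshake();
                    System.out.println("server saw client: " + s.getSession().getPeerPrincipal());
                    s.getOutputStream().write(1);
                } catch (Exception e) { System.out.println("server side failed: " + e); }
            });
            server.start();
            try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", listener.getLocalPort())) {
                c.startHandshake();
                System.out.println("client saw server: " + c.getSession().getPeerPrincipal());
                c.getInputStream().read(); // under TLS 1.3 a rejected client certificate only surfaces on the first read
            } catch (Exception e) { System.out.println("client side failed: " + e); }
            server.join();
        }
    }
}
```

Running it with -Djavax.net.debug=ssl,handshake shows which side sends the bad_certificate alert and which certificate chain it was evaluating at that point.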