I'm trying to connect to an https url where the server is requiring client authentication. They've sent me my client certificate and key in a. Since I can't import that into my cacerts file I wrote a little routine to load it into a PKCS12 keystore, list the alias, and use that to extract the certificate and key and store them as a new entry in my cacerts file. Since they are acting as their own root certificate authority, I also used openssl to request the certificate chain and loaded the root CA certificate as a trusted certificate. With all this accomplished I figured I should be able to create a simple URL object with the https url and open a connection.

Unfortunately, I am getting a 403 error when I try this. The url I am using is for the home "signon" page and so should not require any username or password credentials to load. If I load the page in a browser for the first time I will also get a "forbidden" message until I import the client certificate. Once I load that, however, the 403 goes away.

The code I'm using is quite simplistic right now just to prove I can get a connection established. What might I be missing with the Java implementation that would cause the certification file to not be working? If I use verisign's https url in my URL object I get a successful connection and can read the page contents. If I put in the url for the server requesting my client certificate, however, I get a 403. The only thing I can think of is I screwed up importing the pkcs12 file into my cacerts file.

// Load the client certificate and key from the .pfx (PKCS12) file
KeyStore kspkcs12 = KeyStore.getInstance("PKCS12");
kspkcs12.load(new FileInputStream("C:/clientcert.pfx"), "start123".toCharArray());
// Open the JRE's cacerts file as a JKS keystore
KeyStore ksjks = KeyStore.getInstance("JKS");
ksjks.load(new FileInputStream("c:/Java/j2re1.4.2_03/lib/security/cacerts"), "changeit".toCharArray());
// Copy the certificate chain and private key into cacerts as a new key entry
Certificate[] c = kspkcs12.getCertificateChain("");
Key key = kspkcs12.getKey("", "start123".toCharArray());
ksjks.setKeyEntry("", key, "start123".toCharArray(), c);
ksjks.store(new FileOutputStream("c:/Java/j2re1.4.2_03/lib/security/cacerts"), "changeit".toCharArray());

Ok, so what I was missing was that I did have to do a little more than people led on if I was doing client authentication. With the following code I was able to authenticate to the server finally. I don't know if it should have been necessary to do this no matter what or if it's necessary because the keys were in a .pfx file and I wasn't transferring them to the pks format cacerts file correctly. Whichever is the case, this did the trick:

KeyStore ks = KeyStore.getInstance("PKCS12");