public key is in the cert
http://en.wikipedia.org/wiki/Public_key_certificate
so you will want to create your key beforehand with either
http://www.openssl.org/docs/apps/openssl.html
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Commands
assuming you use keytool:
where the key is generated with keytool -genkey
certificate is requested via keytool -certreq
and a valid certificate is imported via keytool -import
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Certificates
after all is completed the public key embedded in the x.509 certificate is called
Subject Public Key Information
HTH
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> Date: Sat, 14 Nov 2009 10:21:16 -0800
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Re: not prompted for client certificate
>
> I think it may be related to my client certificate.
>
> [code]80: problem unwrapping net record javax.net.ssl.SSLProtocolException: handshake alert: no_certificate[/code]
>
> Perhaps I misunderstood how mutual authentication works. The self-signed client certificate that I generate, does it have to be in some way related to the keystores on the server? I just created another keystore and generated a new key pair then exported a certificate in PKCS12 format... then imported that certificate into FF. Is that wrong?
>
> thanks
> [Message sent by forum member 'black_lotus' ]
>
> http://forums.java.net/jive/thread.jspa?messageID=371834
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141665/direct/01/
--_32a3f021-503b-457a-81ca-5a28b1358757_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
public key is in the cert<br>
http://en.wikipedia.org/wiki/Public_key_certificate<br><br>so you will want to create your key beforehand with either<br>
http://www.openssl.org/docs/apps/openssl.html<br>
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Commands<br><br>assuming you use keytool:<br>where the key is generated with keytool -genkey<br>certificate is requested via keytool -certreq<br>and a valid certificate is imported via keytool -import<br>
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Certificates<br><br>after all is completed the public key embedded in the x.509 certificate is called <br>Subject Public Key Information<br><br>HTH<br>Martin Gainty <br>______________________________________________ <br>Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité<br><div> <br>Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.<br></div><pre>Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.</pre><br><br><br><br><br>> Date: Sat, 14 Nov 2009 10:21:16 -0800<br>> From: glassfish@javadesktop.org<br>> To: users@glassfish.dev.java.net<br>> Subject: Re: not prompted for client certificate<br>> <br>> I think it may be related to my client certificate.<br>> <br>> [code]80: problem unwrapping net record javax.net.ssl.SSLProtocolException: handshake alert: no_certificate[/code]<br>> <br>> Perhaps I misunderstood how mutual authentication works. The self-signed client certificate that I generate, does it have to be in some way related to the keystores on the server? I just created another keystore and generated a new key pair then exported a certificate in PKCS12 format... then imported that certificate into FF. Is that wrong?<br>> <br>> thanks<br>> [Message sent by forum member 'black_lotus' ]<br>> <br>>
http://forums.java.net/jive/thread.jspa?messageID=371834<br>> <br>> ---------------------------------------------------------------------<br>> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net<br>> For additional commands, e-mail: users-help@glassfish.dev.java.net<br>> <br> <br /><hr />Hotmail: Trusted email with powerful SPAM protection. <a href='
http://clk.atdmt.com/GBL/go/177141665/direct/01/' target='_new'>Sign up now.</a></body>
</html>
--_32a3f021-503b-457a-81ca-5a28b1358757_--