RE: not prompted for client certificate

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Sat, 14 Nov 2009 14:04:34 -0500

public key is in the cert
http://en.wikipedia.org/wiki/Public_key_certificate

so you will want to create your key beforehand with either
http://www.openssl.org/docs/apps/openssl.html
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Commands

assuming you use keytool:
where the key is generated with keytool -genkey
certificate is requested via keytool -certreq
and a valid certificate is imported via keytool -import
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Certificates

after all is completed the public key embedded in the x.509 certificate is called
Subject Public Key Information

HTH
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de d�ni et de confidentialit�

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut �tre privil�gi�. Si vous n'�tes pas le destinataire pr�vu, nous te demandons avec bont� que pour satisfaire informez l'exp�diteur. N'importe quelle diffusion non autoris�e ou la copie de ceci est interdite. Ce message sert � l'information seulement et n'aura pas n'importe quel effet l�galement obligatoire. �tant donn� que les email peuvent facilement �tre sujets � la manipulation, nous ne pouvons accepter aucune responsabilit� pour le contenu fourni.

> Date: Sat, 14 Nov 2009 10:21:16 -0800
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Re: not prompted for client certificate
>
> I think it may be related to my client certificate.
>
> [code]80: problem unwrapping net record javax.net.ssl.SSLProtocolException: handshake alert: no_certificate[/code]
>
> Perhaps I misunderstood how mutual authentication works. The self-signed client certificate that I generate, does it have to be in some way related to the keystores on the server? I just created another keystore and generated a new key pair then exported a certificate in PKCS12 format... then imported that certificate into FF. Is that wrong?
>
> thanks
> [Message sent by forum member 'black_lotus' ]
>
> http://forums.java.net/jive/thread.jspa?messageID=371834
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>

_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141665/direct/01/
--_32a3f021-503b-457a-81ca-5a28b1358757_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style></style>
</head>
<body class='hmmessage'>
public key is in the cert http://en.wikipedia.org/wiki/Public_key_certificate so you will want to create your key beforehand with either http://www.openssl.org/docs/apps/openssl.html http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Commands assuming you use keytool: where the key is generated with         keytool -genkey certificate is requested via                   keytool -certreq and a valid certificate is imported via keytool -import http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#Certificates after all is completed the public key embedded in the x.509 certificate is called Subject Public Key Information HTH Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de d�ni et de confidentialit� <div>  Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. </div><pre>Ce message est confidentiel et peut �tre privil�gi�. Si vous n'�tes pas le destinataire pr�vu, nous te demandons avec bont� que pour satisfaire informez l'exp�diteur. N'importe quelle diffusion non autoris�e ou la copie de ceci est interdite. Ce message sert � l'information seulement et n'aura pas n'importe quel effet l�galement obligatoire. �tant donn� que les email peuvent facilement �tre sujets � la manipulation, nous ne pouvons accepter aucune responsabilit� pour le contenu fourni.</pre> > Date: Sat, 14 Nov 2009 10:21:16 -0800 > From: glassfish@javadesktop.org > To: users@glassfish.dev.java.net > Subject: Re: not prompted for client certificate > > I think it may be related to my client certificate. > > [code]80: problem unwrapping net record javax.net.ssl.SSLProtocolException: handshake alert: no_certificate[/code] > > Perhaps I misunderstood how mutual authentication works. The self-signed client certificate that I generate, does it have to be in some way related to the keystores on the server? I just created another keystore and generated a new key pair then exported a certificate in PKCS12 format... then imported that certificate into FF. Is that wrong? > > thanks > [Message sent by forum member 'black_lotus' ] > > http://forums.java.net/jive/thread.jspa?messageID=371834 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net > For additional commands, e-mail: users-help@glassfish.dev.java.net > <hr />Hotmail: Trusted email with powerful SPAM protection. <a href='http://clk.atdmt.com/GBL/go/177141665/direct/01/' target='_new'>Sign up now.</a></body>
</html>
--_32a3f021-503b-457a-81ca-5a28b1358757_--