bad_certificate - certificate based client authentication
843811 Oct 10 2001 — edited Apr 8 2003
Hi
I am trying to get certificate based client authentication to work, but get a bad_certificate in the client.
Here is a list of the steps I have completed:
1) Created a self signed certificate (keytool -genkey -keyalg RSA -keystore c:\keystore\.keystore).
2) Configured Tomcat (Apache) Web server to use my newly created keystore.
3) Tested server authentication using the code provided below. This worked OK!!
4) Re-configured Tomcat to require client authentication using a certificate (clientAuth="true").
5) Requested a client certificate from VeriSign (free from: https://www.eurotrust.dk/products/emaildigitalid.php)
6) Installed the client certificate in Internet Explorer (IE).
7) Tried connecting to Tomcat from IE using the URL https://localhost/index.html. This also worked fine, indicating that the certificate provided by VeriSign was accepted by Tomcat (i.e. Tomcat correctly configured ... verified client certificate).
8) Used IE to export the client certificate to a file and imported the certificate in the keystore created in step 1.
9) Now, running the sample code again gave me the output: OK ... IOException: Received fatal alert: bad_certificate. Re-running the sample code several times sometimes results in the alternative exception: OK ... IOException: Connection reset by peer: socket write error.
In short: SSL works, server authentication works, client authentication using IE works, but client authentication from my programmatic client does not work.
Anybody out there with a solution or suggestions?!?
PS
I am using the Global JSSE 1.0.2 distribution, JDK 1.3.1_01, Tomcat 4.0 and everything is running on a laptop running WindowsME (also tested on WindowsNT).
Best regards,
Per-Ivar
package Http;

import java.net.HttpURLConnection;
import java.net.URL;
import java.io.IOException;
import java.security.Security;

public class HttpClient
{
    public HttpClient(){}

    public static void main (String args[])
    {
        // JSSE 1.0.2 on JDK 1.3: register the SSL provider and the https: URL handler
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

        // Needed for validation of the server certificate
        System.setProperty("javax.net.ssl.trustStore","C:\\keystore\\.keystore");

        // Needed for providing a client certificate for client authentication
        System.setProperty("javax.net.ssl.keyStore","C:\\keystore\\.keystore");
        System.setProperty("javax.net.ssl.keyStorePassword","changeit");

        try {
            // Create an URL object
            URL url = new URL("https://localhost/index.html");
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            System.out.print("OK ... ");
            // The TLS handshake (and any client-certificate request) happens here
            conn.connect();
            System.out.println("if this line is printed");
        } catch(IOException e) {
            System.out.println("IOException: " + e.getMessage());
        }
    }
}
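The check a practitioner would run first in this situation, as an added example that is not part of the original post or of JSSE itself: JSSE can only offer a client certificate for an alias that holds a private key (a PrivateKeyEntry). A certificate exported from a browser without its private key and imported with "keytool -import" becomes a trustedCertEntry, which is usable as a trust anchor but cannot be presented to a server that sends a CertificateRequest. The program below walks a keystore and reports which kind of entry each alias is, so you can tell whether the file named in javax.net.ssl.keyStore actually contains something the client can use. The path, keystore type and password are assumptions taken from the post's own property settings; the code targets a current JDK rather than JDK 1.3.1.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/*
 * Added example (not from the original post). Lists every alias in a keystore
 * and says whether it carries a private key, which is what TLS client
 * authentication requires, or only a certificate (trust anchor).
 *
 * Usage (values are assumptions, matching the post's settings):
 *   java KeyStoreAudit C:\keystore\.keystore JKS changeit
 *   java KeyStoreAudit client.pfx PKCS12 <browser export password>
 */
public class KeyStoreAudit {

    public static void main(String[] args) throws Exception {
        // Defaults mirror the post's javax.net.ssl.keyStore settings (assumed).
        String path = args.length > 0 ? args[0] : "C:\\keystore\\.keystore";
        // "JKS" for a keytool-created store; "PKCS12" for a .pfx/.p12 browser export.
        String type = args.length > 1 ? args[1] : "JKS";
        char[] password = (args.length > 2 ? args[2] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        int usable = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            Certificate cert = ks.getCertificate(alias);
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(non-X.509 entry)";

            if (ks.isKeyEntry(alias)) {
                // PrivateKeyEntry: has the key, so JSSE can sign the handshake with it.
                usable++;
                System.out.println("PrivateKeyEntry   " + alias + "  " + subject
                        + "  <- can be offered for client authentication");
            } else {
                // trustedCertEntry: certificate only. Fine as a trust anchor for
                // validating the server, useless as a client certificate.
                System.out.println("trustedCertEntry  " + alias + "  " + subject
                        + "  <- no private key; cannot be presented as a client cert");
            }
        }

        if (usable == 0) {
            System.out.println("No private-key entries: a client pointed at this file via "
                    + "javax.net.ssl.keyStore has nothing to send when the server "
                    + "requests a certificate.");
        }
    }
}
```

If the audit shows only trustedCertEntry aliases, the fix on the client side is to export the certificate from the browser together with its private key (PKCS#12, usually a .pfx file), point javax.net.ssl.keyStore at that file and set javax.net.ssl.keyStoreType to PKCS12; the original JKS file can stay as the javax.net.ssl.trustStore for validating the server. Because the browser handshake already succeeded against the same Tomcat configuration, the server's trust store is not the thing to change.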