client authentication with Thawte Freemail certificates + JSSE
843811 Apr 16 2002 — edited Apr 16 2002
I'm trying to do SSL with Client Authentication. I'm using JSSE sample
code downloaded from this forum.
I think I have tracked my problem down to a mismatch in the Common
Names of my Certificate Authorities. In the CertificateRequest message,
the server is asking for any client certificates matching a CA's CN
of "Thawte Personal Freemail CA".
However, my free certificate is signed by "Personal Freemail RSA 2000.8.30".
So, the KeyManager doesn't find a matching certificate in my KeyStore,
and does not send it to the server. The end result is a 403, as the server
has been configured with SSLClientAuth 2 (required).
To make matters worse, I have searched all over for a "Personal Freemail RSA
2000.8.30" root certificate that I could install on the server, but have not found
it. Surely someone else must have hit this situation.... please suggest a
solution!
Below is the relevant part of the trace.
Thank you!
*** CertificateRequest
Cert Types: RSA,
Cert Authorities:
<CN=selfsign.zigabyte.com, O=zigabyte, C=US>
<EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=C
ertification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cap
e, C=ZA>
[read] MD5 and SHA1 hashes: len = 284
[ ... binary dump deleted ...]
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
main, SEND SSL v3.0 ALERT: warning, description = no_certificate
main, WRITE: SSL v3.0 Alert, length = 2
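
A diagnostic sketch for the mismatch described in the post, added here as an example; it is not part of the original post or of the JSSE sample code. It lists every key entry in a client keystore and reports whether any certificate in its chain was issued by one of the CAs named in the CertificateRequest above. The class name, the command-line arguments and the rule that a match anywhere in the chain is sufficient are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

public class ClientCertIssuerCheck { // hypothetical name, not from the JSSE samples
    // Issuer DNs from the CertificateRequest in the trace (wrapped lines rejoined).
    static final String[] REQUESTED = {
        "CN=selfsign.zigabyte.com, O=zigabyte, C=US",
        "EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, "
            + "OU=Certification Services Division, O=Thawte Consulting, "
            + "L=Cape Town, ST=Western Cape, C=ZA"
    };

    // Issuers in the chain that the server also listed. Assumption: the
    // KeyManager accepts an entry when any certificate in its chain matches.
    static Set<X500Principal> matchingIssuers(Certificate[] chain, Set<X500Principal> requested) {
        Set<X500Principal> hits = new LinkedHashSet<>();
        if (chain == null) return hits;
        for (Certificate c : chain) {
            if (!(c instanceof X509Certificate)) continue;
            X500Principal issuer = ((X509Certificate) c).getIssuerX500Principal();
            System.out.println("    issuer: " + issuer.getName());
            if (requested.contains(issuer)) hits.add(issuer);
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ClientCertIssuerCheck <keystore> <password>");
            System.exit(2);
        }
        Set<X500Principal> requested = new LinkedHashSet<>();
        for (String dn : REQUESTED) requested.add(new X500Principal(dn));
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // only key entries can authenticate
            System.out.println(alias + ":");
            Set<X500Principal> hits = matchingIssuers(ks.getCertificateChain(alias), requested);
            System.out.println(hits.isEmpty() ? "  -> no requested CA in chain" : "  -> match: " + hits);
        }
    }
}
```

A key entry that stores only the end-entity certificate shows a single issuer line, so a requested CA can match only if it issued that certificate directly.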