Client certificate not being presented by Sun JDK
843811 Nov 26 2008 — edited Dec 4 2008

I have a requirement to connect to an external service provider (SP) using an https get.
The SP has a server certificate that I have imported to my trust store.
The SP issued a private key and an intermediate certificate that I have included in my keystore.
On running the application with IBM JDK1.5 the server responds with the error "HTTP Error 403.7 - Forbidden: SSL client certificate is required".
However, on running the same test application with IBM JDK1.4.2 I get the expected response from the client.
I have attached the contents of the keystore, the contents of the java class that I am trying to connect with and the command line options that I am using below.
Has anyone encountered anything similar?
{code}contents of Keystore:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: testinter
Creation date: Mar 6, 2008
Entry type: trustedCertEntry
Owner: CN=test Solutions CA, OU=Class 2 OnSite Individual Subscriber C
A, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Netw
ork, O=test Solutions, C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized
use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign,
Inc.", C=US
Serial number: 98da226f38da2ce29c65e35d505ec36
Valid from: Tue Jan 24 16:00:00 PST 2006 until: Mon Jan 24 15:59:59 PST 2011
Certificate fingerprints:
MD5: D1:7D:C2:B2:30:3E:26:9B:AE:5D:4C:8C:C7:10:B0:E0
SHA1: 4C:3B:59:67:F4:DE:08:0B:8C:70:AE:0D:05:1E:D1:18:46:00:FC:2D
*******************************************
*******************************************
Alias name: testclient
Creation date: Mar 6, 2008
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: EMAILADDRESS=test.support@test.com, CN=BHN AST, T=Programmer, OU="
Security Phrase - 1111+!", OU=Company - Test Networks, OU="www.verisign.c
om/repository/CPS Incorp. by Ref.,LIAB.LTD(c)99", OU=Data Center, O=test Prepa
id Solutions
Issuer: CN=test Solutions CA, OU=Class 2 OnSite Individual Subscriber
CA, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Net
work, O=test Solutions, C=US
Serial number: 769ed3a8a02a78a45ba2ce46e974f444
Valid from: Wed Mar 05 16:00:00 PST 2008 until: Fri Mar 06 15:59:59 PST 2009
Certificate fingerprints:
MD5: 2D:6E:37:83:BD:B8:FB:32:0E:08:B7:C5:F9:52:F3:C6
SHA1: B9:61:D9:D9:F2:B5:9B:5E:9D:73:D2:FB:7A:B6:04:BE:0A:4F:E5:27
*******************************************
*******************************************{code}
I am providing the following JVM arguments in my command line:
{code}-Djavax.net.ssl.keyStore
-Djavax.net.ssl.keyStorePassword
-Djavax.net.ssl.trustStore
-Djavax.net.ssl.trustStorePassword{code}
I use org.apache.commons.httpclient.HttpClient. I have pasted the code below, though this might not be relevant.
{code}
import java.io.IOException;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.GetMethod;

public class MySimpleTest {
    public static void main(String[] args) {
        HttpClient client = new HttpClient();
        String url = "https://sample.domain.com:443/a2a/CO_TestCall.asp?userid=me&password=hello";
        GetMethod getMethod;
        try {
            // start- Proxy authentication changes
            client.setTimeout(30000);
            client.getParams().setParameter("http.useragent", "X-HTTP-UserAgent: Mozilla/4.0 (compatible; MMozilla/4.0SIE 6.0");
            client.getParams().setSoTimeout(3000);
            // Overrides the socket timeout set on the previous line
            client.getParams().setParameter("http.socket.timeout", new Integer(30000));
            client.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
            // The key store and trust store come from the javax.net.ssl.* system properties
            getMethod = new GetMethod(url);
            client.executeMethod(getMethod);
            String xmlString = getMethod.getResponseBodyAsString();
            System.out.println("Response from SP - \n" + xmlString);
        } catch (HttpException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}{code}
Edited by: dhanyakairali on Nov 26, 2008 2:24 PM
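
A check for the symptom described in this post, added here as an example and not part of the original post: it loads the keystore named by the same javax.net.ssl.* properties, prints the chain stored with each key entry, and asks the JDK's default X509KeyManager which alias it would present for a given list of acceptable issuer DNs. The class name `ClientCertCheck` and the convention of passing issuer DNs as arguments are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

// Added diagnostic, not from the original post. Arguments (an assumption of this
// example): zero or more issuer DNs that the server is willing to accept.
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) throw new IllegalStateException("set -Djavax.net.ssl.keyStore");
        char[] pass = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
        InputStream in = new FileInputStream(path);
        try { ks.load(in, pass); } finally { in.close(); }
        // 1. Report every private-key entry and the certificate chain stored with it.
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) continue;
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println("key entry '" + alias + "', chain length " + (chain == null ? 0 : chain.length));
            for (int i = 0; chain != null && i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                System.out.println("  [" + i + "] subject=" + c.getSubjectX500Principal().getName()
                        + "\n      issuer=" + c.getIssuerX500Principal().getName());
            }
        }
        // 2. Ask the default key manager which alias it would present to the server.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass); // assumes key password == keystore password
        Principal[] issuers = null; // null means the server accepts any issuer
        if (args.length > 0) {
            issuers = new Principal[args.length];
            for (int i = 0; i < args.length; i++) issuers[i] = new X500Principal(args[i]);
        }
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            String chosen = ((X509KeyManager) km).chooseClientAlias(new String[] {"RSA", "DSA"}, issuers, null);
            System.out.println("chooseClientAlias -> " + (chosen == null ? "none (no certificate would be sent)" : chosen));
        }
    }
}
```

Run it with the same -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword options as the application, passing as arguments the issuer DNs the server lists in its CertificateRequest (shown by -Djavax.net.debug=ssl,handshake); with no arguments it assumes the server accepts any issuer.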