
Help in using client certificate authentication

843790 Jun 25 2007 — edited Jun 25 2007
Hello all,

I have been working on a problem for quite some time now with no luck. I am writing a client to a web service from an outside vendor. The vendor is a certificate authority, although a non-standard one for sure, and they supply certificates for many applications in my industry. Unfortunately, they're a .NET shop though, and they are not able to help with the implementation of their certificates on the Java side at all.

I finally found some classes that I thought would help me out in org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory. I implemented my SSL protocol which should implement the client side certificates using the factory and from there created my HTTPClient object.

I imported certificates into my truststore and keystore using the keytool. Before I got the truststore working, I had issues with the connection not happening, but now I am getting a 200 response that my authentication failed, so I am pretty sure it's the keystore that's to blame.

When I get to the part where it is setting up the KeyManager in the code, it attempts to get the certificate chain for each of the aliases in the keystore I provided, but the certificate chain is always null. (However, if I send the same file when setting up the truststore, it DOES find a certificate chain. What's up with that?)

So then I was thinking that perhaps I needed to use something like PKCS#12 to export the client certificate so that it would have all the certificates in the chain, as well as the public and private keys. But when I do that, I can't import it into the keystore because it's not an X509 certificate. (I also tried converting it from PKCS#12 to DER to see if the chain would come along, but no such luck.)

I would have thought this would be a pretty common thing to want to do, but I'm just not finding much through Google searches. Does anyone have any insight on what else I need to do through keytool or other libraries that would help?

Thanks in advance,
Jennifer

Message was edited by:
jennford
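
An added example, not part of the original post or of the commons-httpclient contrib code: a check for the null certificate chain described above. A certificate imported on its own is stored as a trusted-certificate entry, for which `KeyStore.getCertificateChain` returns null; client authentication needs a private-key entry, which a PKCS#12 file supplies when it is loaded directly as a `PKCS12` keystore. The class name `ClientKeyStoreCheck` and its single file-path argument are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ClientKeyStoreCheck {

    /** Counts aliases usable for client auth: a private key plus its certificate chain. */
    static int countClientIdentities(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (ks.isKeyEntry(alias) && chain != null) {
                usable++;
                System.out.println(alias + ": key entry, chain length " + chain.length);
            } else {
                // Certificate-only entry: getCertificate() works, the chain is null.
                System.out.println(alias + ": trusted certificate only, no private key");
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive): java ClientKeyStoreCheck <file.p12>");
            System.exit(2);
        }
        // Prompt for the password so it does not appear in the process list.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12"); // read the .p12 as a keystore
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        if (countClientIdentities(ks) == 0) {
            System.err.println("No private-key entry: no client certificate can be presented.");
            System.exit(1);
        }
        // Key managers built from this store supply the client certificate in the handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        // null trust managers = JVM default trust store; a private CA needs its own TrustManagerFactory.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```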
Locked on Jul 23 2007
Added on Jun 25 2007