Mike Baroukh
Hi.
I must connect to an SSL server using a client certificate.
Of course, if I ask you for help, it's because it didn't work.
So, here is what I did. Could somebody point me to the wrong step?
Thanks in advance ...
1/ First, I created a key:
keytool -genkey -keyalg rsa -keystore storefile -storepass storepass -alias mykey
2/ I created a certificate request:
keytool -certreq -keystore storefile -storepass storepass -alias mykey -file mykey.csr
3/ I sent the generated file, which contains the certificate request (a -----BEGIN NEW CERTIFICATE REQUEST----- block), to the webmaster of the site I have to connect to.
4/ He sent me back a crt, which I imported:
keytool -import -keystore storefile -storepass storepass -alias mykey-crt -file mykey.crt
5/ I try to connect :
System.setProperty("javax.net.ssl.trustStore","~/storefile");
System.setProperty("javax.net.ssl.keyStore","~/storefile");
System.setProperty("javax.net.ssl.keyStorePassword","mykey6");
System.setProperty("javax.net.debug", "ssl,keymanager");
URL u = new URL("https://<url>");
URLConnection c = u.openConnection();
InputStream i = c.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(i));
String ligne;
while ((ligne = reader.readLine()) != null) {
    System.out.println(ligne.trim());
}
i.close();
result :
java.io.IOException: Server returned HTTP response code: 403 for URL: https://<url>
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1149)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at x509.Elvia.main(Elvia.java:23)
I tried to separate truststore and keystore, having only the crt in
keystore, but nothing works.
Am I using the right method?
I don't understand why I don't just send a public key to the
webmaster ...
Mike
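A check for the keystore built in steps 1/ to 4/, as an added example that is not part of the original post: it lists every alias and reports whether it is a private-key entry whose certificate was issued by a CA, which is what a client needs in order to authenticate. keytool stores a certificate imported under a new alias as a trusted-certificate entry with no private key; the class name and the two command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not code from the original post.
// Usage (assumed): java CheckClientKeyStore <absolute keystore path> <store password>
public class CheckClientKeyStore {

    // Returns true when at least one alias holds a private key whose
    // leaf certificate was issued by another party (i.e. a CA reply).
    static boolean hasUsableClientKey(KeyStore ks) throws Exception {
        boolean usable = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // trustedCertEntry: a certificate only, no private key behind it
                System.out.println(alias + ": trusted certificate only, cannot authenticate a client");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                System.out.println(alias + ": key entry without an X.509 certificate chain");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
            System.out.println(alias + ": private key, chain length " + chain.length
                    + ", issuer=" + leaf.getIssuerX500Principal().getName());
            if (selfSigned) {
                System.out.println("  still the self-signed certificate from -genkey; no CA reply attached to this key");
            } else {
                usable = true;
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: CheckClientKeyStore <keystore> <storepass>");
            System.exit(2);
        }
        // Pass a real path: Java does not expand "~" the way a shell does.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        System.exit(hasUsableClientKey(ks) ? 0 : 1);
    }
}
```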