1 Reply Latest reply: Jul 1, 2011 12:46 AM by EJP RSS

    SSL Mutual Authentication

    872450
      hi,

      i am doing a client server application whose communications must be done using SSL sockets where mutual authentication of client and server is required

      i hav created the certificate using the java keytool and used the following code for mutual authentication but it is causing handshaking error:



      System.setProperty("javax.net.ssl.keyStoreType", "SSLv3");
      System.setProperty("javax.net.ssl.keyStore", "./command.jks");
      System.setProperty("javax.net.ssl.keyStorePassword", "*******");
      System.setProperty("javax.net.ssl.trustStoreType", "JKS");
      System.setProperty("javax.net.ssl.trustStore", "./Agent_cert.jks");
      System.setProperty("javax.net.ssl.trustStorePassword", "*******");

      Actually my client is in java and server is in c++

      The above code is working for single level authentication but it is showing "Handshake Exception" when Mutual authrntication is done by adding the code below:

      System.setProperty("javax.net.ssl.trustStoreType", "JKS");
      System.setProperty("javax.net.ssl.trustStore", "./Agent_cert.jks");
      System.setProperty("javax.net.ssl.trustStorePassword", "*******");

      Any help for this matter is realy grateful
      Thanks in advance
      Manoj
        • 1. Re: SSL Mutual Authentication
          EJP
          System.setProperty("javax.net.ssl.keyStoreType", "SSLv3");
          There is no such keystore type. I would just remove this line.
          The above code is working for single level authentication but it is showing "Handshake Exception" when Mutual authrntication is done by adding the code below:
          That doesn't sound right. The client truststore is used to authenticate the server. That happens during both single and mutual authentication. If it works for single authentication it should work for mutual authentication as well. More likely the problem is with the client key, the client keystore, and the server' truststore.