Java certificate based authentication

I have a thrift endpoint that someone created who is no longer with our company. They implemented the authentication via client side certs, but I am having a hard time wrapping my head around how it all works. Does anyone know of a tutorial or howto on this topic?

All I really have is a sample client class. Here is a list of things that I need help with:

  1. Can a server cert and the client cert both be contained in the same trust store?
  2. How do you create a new client side cert?
  3. How do you add that client side cert to the server trust store?
  4. Do you need to set the client trust store, and set the java trust (assuming the server is a self signed endpoint)?
  5. What does the following error mean?

    ERROR[com.cada.CadaDaoTest][main] - Error: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate


The truststore (on Tomcat it's configured for the SSL connector in server.xml) can hold the root of the certificate chain of the client certificate, not the certificate itself. That is, when a certificate is created, it is signed by a CA - certificate authority. If the CA cert is trusted, all certs signed by the CA are trusted as well.

You can create certificates using either keytool (in jdk/bin/) or openssl. There are GUIs for that, like portecle.

The tomcat ssl tutorial might be helpful.

0
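
One way to test the trust relationship described in the answer above, as an added example that is not part of the original post: this standalone class (hypothetical name `ClientCertTrustCheck`) loads a client keystore and the server's truststore and asks the JDK's default trust manager whether it would accept each client certificate chain. The file paths and passwords are passed as arguments and are assumptions about your setup.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Added example (hypothetical class name): checks offline whether the server's
// truststore would accept the certificate chain held in a client keystore.
public class ClientCertTrustCheck {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // assumes the JDK's default store format
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: <client-keystore> <pass> <server-truststore> <pass>");
            System.exit(2);
        }
        KeyStore clientKeys = load(args[0], args[1].toCharArray());
        KeyStore serverTrust = load(args[2], args[3].toCharArray());
        if (serverTrust.size() == 0) throw new IllegalStateException("server truststore is empty");
        // Build the default (PKIX) trust manager from the server's truststore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(serverTrust);
        X509TrustManager tm = null;
        for (TrustManager t : tmf.getTrustManagers()) {
            if (t instanceof X509TrustManager) tm = (X509TrustManager) t;
        }
        if (tm == null) throw new IllegalStateException("no X509TrustManager available");
        int keyEntries = 0;
        for (String alias : Collections.list(clientKeys.aliases())) {
            // Only entries with a private key can authenticate a client; skip certificate-only entries.
            if (!clientKeys.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) continue;
            keyEntries++;
            java.security.cert.Certificate[] chain = clientKeys.getCertificateChain(alias);
            X509Certificate[] x509 = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
            try {
                tm.checkClientTrusted(x509, x509[0].getPublicKey().getAlgorithm());
                System.out.println(alias + ": TRUSTED, issuer " + x509[0].getIssuerX500Principal());
            } catch (CertificateException e) {
                System.out.println(alias + ": REJECTED, issuer " + x509[0].getIssuerX500Principal() + " (" + e.getMessage() + ")");
            }
        }
        if (keyEntries == 0) System.out.println("client keystore has no private-key entry to present");
    }
}
```

A REJECTED line, or the final "no private-key entry" line, points at the keystore or truststore contents rather than at the Thrift code.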
