Client Authentication in web service (client side only)
Hi,
How can I tell Java to use this particular client certificate in mutual authentication?
I have two certificates:
1) cacert.pem and
2) client.pem (includes private key).
client.pem is signed by cacert.pem and also contains the private key. I have the WSDL file for the web service that I have to call, and I can generate Java wrappers for it using wsdl2java.
In fact, I have only called web services that used server-only SSL/TLS authentication. In that case I just had to add the root/CA certificate (in cer format) to the JRE's cacerts file and use https for the web service URL, and all worked fine.
Now I can't understand what to do for mutual authentication.
Thanks in advance.
Sohaib
Hi,
Thank you for the answer. You are right, I have to import the keys into the client keystore, but a keystore may contain more than one key and more than one identity certificate, so which key/cert will SSL use in mutual authentication? There must be some way to tell SSL to use that particular certificate/key pair.
One more thing: does Java support PEM format certificates/keys?
Sohaib
Hi ejp,
Please describe the way to import the private key into a Java keystore.
I added the certificate, but I am unable to add the private key to the keystore.
Does every private key stored in PEM format require a passphrase?
And is that passphrase needed in the Java code, or is it only needed while adding the private key to the keystore?
Thanks a lot.
Normally you would have created a keypair and then a CSR request from that keystore, then sent the CSR off to the CA, then received the signed CSR and the CA certificate, then you import both those things back into the same keystore. The private key should never have left the original keystore. If you import the signed CSR into a keystore that doesn't already have its private key it will fail.