caatoosee s.r.l.
cluj 13
ro-1900 timisoara
----- Original Message -----
Sent: Thursday, February 07, 2002 12:48 PM
Subject: RE: ssl auth
You shouldn't copy the server certificate to the client itself.
Have you imported your certificate into JAVA_HOME/jre/bin/security/cacerts?
To import use:
keytool -import -alias <certificate alias> -storepass <your password> -keystore <your keystore file (cacerts)> -file <the certificate you want to import>
Hope this helps you out.
Cheers
::::::::::::::::::::::::::::::::::::::
Justin Schwartz
Analyst / Developer
Ivory Tower IS
[Phone ] +27 21 418 8230
[Fax ] +27 21 425 4537
[Mobile] +27 82 487 3821
[E-mail] justin@ivorytower.co.za
[Web ] http://www.ivorytower.co.za
I am trying to authenticate from java with anonymous on ssl and this is what the server throws me:
connection_get(10): got connid=104
connection_read(10): checking for input on id=104
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=104
connection_read(10): checking for input on id=104
TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:956
connection_read(10): TLS accept error error=-1 id=104, closing
connection_closing: readying conn=104 sd=10 for close
connection_close: conn=104 sd=10
Client side:
javax.naming.CommunicationException:x.x.x.x:636. Root exception is javax.net.ssl.SSLHandshakeException: unknown CA
    at com.ibm.jsse.JSSESocket.install(Unknown Source)
    at com.ibm.jsse.JSSEOutputStream.install(Unknown Source)
    at com.ibm.jsse.JSSEOutputStream.write(Unknown Source)
    at java.io.OutputStream.write(OutputStream.java:61)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:155)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:81)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2307)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:211)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:79)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
    at javax.naming.InitialContext.init(InitialContext.java:222)
    at javax.naming.InitialContext.<init>(InitialContext.java:198)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:83)
Does anybody have any idea what this could be? I have copied the certificate from the server on the client side ..
-------------------------------
Valcu Gheorghe
System Administrator
caatoosee s.r.l.
cluj 13
ro-1900 timisoara
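
Added example, not part of the original thread: a small triage script that decodes the packed OpenSSL error code from the server log above and reports which side rejected which certificate. It assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason); the names decode and triage are hypothetical, and the sample lines are copied from the log in this thread.

```python
import re

# Packed OpenSSL error code (releases before 3.0): 8-bit library,
# 12-bit function, 12-bit reason. Assumption: the server uses that layout.
ERR_LIB_SSL = 20
ALERT_OFFSET = 1000  # SSL reason 1000+N means alert N was received from the peer
# Certificate-related TLS alert numbers (RFC 2246, section 7.2)
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# Lines copied from the server log in the thread above.
SAMPLE_LOG = """\
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert read:fatal:unknown
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:956
connection_read(10): TLS accept error error=-1 id=104, closing
"""

def decode(code_hex):
    """Split a packed error code; 'alert' is set only for peer-sent alerts."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    peer_alert = lib == ERR_LIB_SSL and ALERT_OFFSET <= reason <= ALERT_OFFSET + 255
    return {"lib": lib, "func": func, "reason": reason,
            "alert": reason - ALERT_OFFSET if peer_alert else None}

def triage(log_text):
    """Return (code, alert_name, advice) for each certificate alert the peer sent."""
    findings = []
    for match in ERR_RE.finditer(log_text):
        alert = decode(match.group(1))["alert"]
        if alert in CERT_ALERTS:
            advice = ("peer rejected this side's certificate: check the peer's "
                      "trust store" if alert == 48 else
                      "peer rejected this side's certificate: inspect the certificate")
            findings.append((match.group(1), CERT_ALERTS[alert], advice))
    return findings

if __name__ == "__main__":
    for code, name, advice in triage(SAMPLE_LOG):
        print(f"{code}: {name} -> {advice}")
```

For the log in this thread the script reports unknown_ca as an alert the server received, so the Java client refused the issuer of the server certificate, which is consistent with the "unknown CA" exception on the client side.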