mutual authentication
I have the following problem in mutual authentication.
Connection failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.V
alidatorException: No trusted certificate found
At first, I created key and certification as follows.
-
1. Create CA Authority Key using SSL
openssl genrsa -out ca.key 1024
2. Create self-signed CA Certificate
openssl req -new -x509 -key ca.key -out demoCA/cacert.pem
3. Create Client Keystore
keytool -genkey -alias clientapp -keystore clientkeys
4. Create Server Keystore
keytool -genkey -alias serverapp -keystore serverkeys
5. Export public keys from Client and Server keystores
keytool -keystore clientkeys -certreq -alias clientapp -file clientapp.crs
keytool -keystore serverkeys -certreq -alias serverapp -file serverapp.crs
6. Signs both public keys with CA Authority key
openssl ca -in clientapp.crs -out clientapp.pem -keyfile ca.key
openssl ca -in serverapp.crs -out serverapp.pem -keyfile ca.key
7. Convert signed keys to DER format
openssl x509 -in clientapp.pem -out clientapp.der -outform DER
openssl x509 -in serverapp.pem -out serverapp.der -outform DER
8. Import CA certificate to Client and Server keystores
keytool -keystore clientkeys -alias systemca -import -file demoCA/cacert.pem
keytool -keystore serverkeys -alias systemca -import -file demoCA/cacert.pem
9. Import signed key to Client keystore
keytool -keystore clientkeys -alias clientapp -import -file clientapp.der
10. Import signed key to Serverkeystore
keytool -keystore serverkeys -alias serverapp -import -file serverapp.der
-
Then, I copy cacerts which exist in the directory "C:\j2sdk1.4.2\jre\lib\security"
to the directory "truststore/cacerts" like this.
$ keytool -import -keystore -file demoCA/cacert.pem -truststorecacerts -alias trustca
-keystore truststore/cacerts -storepass changeit
Then, I executed programs.
Server:
$ java -Djavax.net.ssl.keyStore=serverkeys -Djavax.net.ssl.keyStorePassword=pas
sword -Djavax.net.ssl.trustStore=truststore/cacerts -Djavax.net.ssl.trustStorePassword=changeit CASSLServer
SimpleSSLServer running on port 4915
Client:
$ java -Djavax.net.ssl.trustStore=/cygdrive/c/eclipse-SDK-2.1.1-win32/eclipse/w
orkspace/xacml/truststore/cacerts -Djavax.net.ssl.trustStorePassword=changeit C
ACustomKeyStoreClient
client error:
Connection failed: java.net.SocketException: Software caused connection abort: s
ocket write error
Server error:
1: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExceptio
n: No trusted certificate found
1: Closing connection.
Are there something wrong with my setting?
