plz help: reading certificates from client machines!
I know not many people answer *this question* as I could see in this forum.
I NEED URGENT HELP PLEASE.
I am very new to SSL/JSSE and my deadline is on my head!
I have a jsp page which when loaded on the client machine should gets its certificates stored in its browser. I have written the code as:
String Cipher_suite = (String)request.getAttribute("javax.net.ssl.cipher_suite");
//We want to retrieve the whole list of certificates
//X509Certificate[] certificateChain = (X509Certificate[])req.getAttribute("javax.net.ssl.peer_certificates");
X509Certificate[] certificateChain = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
System.out.println("****************"+certificateChain.length);
for(int counter = 0; counter < certificateChain.length;counter++)
{
X509Certificate certificate = (X509Certificate)certificateChain[counter];
str1 = certificate.getSigAlgName();
version = certificate.getVersion();
System.out.println(version);
}
I get as result:
javax.servlet.request.cipher_suite is SSL_RSA_WITH_RC4_128_MD5
javax.net.ssl.cipher_suite is SSL_RSA_WITH_RC4_128_MD5
javax.servlet.request.key_size is 128
.......but nothing else cause it cannot read browsers certificates!
Now, I have absolutely no idea of how can I retreive the info of the client's certificates stored in his browser or anywhere else. If anyone can help, plz explain in lyman terms with some code samples.....
for experts not wishing to answer, plz take two minutes to answer this.
Thanks in advance.
hello friends...
There has been no reply......may be people dont want to spend time for people who r new to this subject. I have come accross some more imp facts..and may be now someone can help.
In my JSP, I have the above code as I have written earlier. also I have configured tomcat not to fail if no certificates are found on the client. Now, I have created a keystore having my servers certificate to be presented to the client browser.
Also, I have created one truststore for verification which contains some demo and some valid certificates. Even, now I am not getting any certificates back from the client cause of the simple reason which is,
The browser (IE5.5) imports or allows installs of PFX,p12,p7B or sst type files.
and with keytool I am only allowed to import (.cer) certificates into the truststore.
Hence, I understand that during the handshake, the browser looks for particular certificates types in itself comparing to the ones in the truststore of the server and on not being able to find, it doesn't return us anything. am i correct?
My server's certificate is presented to the client browser and is requesting its certificates as is confirmed from netscape but its not finding it...
plz plz help me out, I dont have much time to submit this one.
Thanks in advance!
hello friends...
There has been no reply......may be people dont want to spend time for people who r new to this subject. I have come accross some more imp facts..and may be now someone can help.
In my JSP, I have the above code as I have written earlier. also I have configured tomcat not to fail if no certificates are found on the client. Now, I have created a keystore having my servers certificate to be presented to the client browser.
Also, I have created one truststore for verification which contains some demo and some valid certificates. Even, now I am not getting any certificates back from the client cause of the simple reason which is,
The browser (IE5.5) imports or allows installs of PFX,p12,p7B or sst type files.
and with keytool I am only allowed to import (.cer) certificates into the truststore.
Hence, I understand that during the handshake, the browser looks for particular certificates types in itself comparing to the ones in the truststore of the server and on not being able to find, it doesn't return us anything. am i correct?
My server's certificate is presented to the client browser and is requesting its certificates as is confirmed from netscape but its not finding it...
plz plz help me out, I dont have much time to submit this one.
Thanks in advance!
