Posted by Mitch Gallant on March 13, 2006, 3:37 pm
Client authentication means that some PRIVATE information that only the
client knows and has is sent to the server.
Client authentication in SSL works by having the client (say IE) sign some
bit of data (nonce) using the client certificate's PRIVATE key (typically
protected with a password) and that data is sent to the server proving that
the sender actually has the private key .. thus authenticating the client as
the owner of that certificate.
Obviously, the client's PUBLIC certificate is not adequate.
You need to export BOTH the public/private key from java keystore
using say pfx keystore .. and import THAT into Microsoft CryptoAPI.
- Mitch Gallant
MVP Security
> Hi folks,
>
> I have a problem talking HTTPS to a web server using client authentication. The web server is Java based and is
> using a self-signed certificate. The server certificate is exported by the standard Java keytool command to a .cer
> file and is imported to the standard Windows certificate store "MY" on the client.
> The client program is using the standard wininet.dll calls and the client certificate is set on the created
> HttpRequest.
> But HttpSendRequestEx is not working and gets a DosError 12157 ERROR_INTERNET_SECURITY_CHANNEL_ERROR. In the
> eventlog I see events like
>
> 36869 The SSL [client| server] credential’s certificate does not have a private key information property attached to it
>
> Why does the certificate on the client need a private key?
>
> Any ideas or hint?
> Thanks in advance
> Michael
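
The export and import described in the reply above, as an added PowerShell example that is not part of the original thread: it lists which certificates in the MY store actually carry a private key, moves the client key entry from the Java keystore into a PFX, imports it, and confirms the result. The keystore file name, alias and PFX file name are assumptions; substitute your own.

```powershell
# Assumed names (not from the thread): adjust to your environment.
$Keystore = 'client.jks'   # Java keystore holding the client key entry
$Alias    = 'client'       # alias of that key entry
$Pfx      = 'client.pfx'   # temporary PKCS#12 file

# 1. Inspect the current MY store. A certificate imported from a .cer file
#    shows HasPrivateKey = False and cannot be used for client authentication
#    (this is the condition Schannel event 36869 reports).
Get-ChildItem Cert:\CurrentUser\My |
    Select-Object Subject, Thumbprint, HasPrivateKey |
    Format-Table -AutoSize

# 2. Export the key entry (certificate AND private key) to PKCS#12.
#    keytool prompts for the source and destination keystore passwords.
& keytool -importkeystore `
    -srckeystore $Keystore -srcstoretype JKS -srcalias $Alias `
    -destkeystore $Pfx -deststoretype PKCS12
if ($LASTEXITCODE -ne 0) { throw 'keytool export failed' }

# 3. Import the PFX into the current user's MY store. Without -Exportable
#    the private key is stored as non-exportable.
$Password = Read-Host -AsSecureString -Prompt 'PFX password'
$Imported = Import-PfxCertificate -FilePath $Pfx `
    -CertStoreLocation Cert:\CurrentUser\My -Password $Password

# 4. Re-read each imported certificate from the store and confirm the
#    private key is now attached.
foreach ($c in $Imported) {
    $Stored = Get-Item "Cert:\CurrentUser\My\$($c.Thumbprint)"
    if (-not $Stored.HasPrivateKey) {
        throw "Certificate $($Stored.Thumbprint) still has no private key"
    }
    Write-Output "OK: $($Stored.Subject) has a private key"
}

# 5. The PFX contains the private key; remove the temporary copy.
Remove-Item $Pfx
```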