javagoogle-chromesslpkijks
Certificate chain not transported to server
I use this method to register the client certificate into the server certificate.
/**
* Links the user's certificate into the server's keystore/truststore.
*
* @param server
* The server party.
* @return <code>true</code> if the certificate has been bound,
* <code>false</code> if the certificate already was bound to the
* truststore.
* @throws KeyStoreException
*/
public boolean linkToServerCertificate(Party server) throws KeyStoreException {
if (keyAlias.equals(server.keyAlias)) {
throw new IllegalArgumentException("The alias of client and server must be different!");
}
keystore.setCertificateEntry(server.keyAlias, server.getAliasCert());
Certificate certificate = keystore.getCertificate(keyAlias);
server.keystore.setCertificateEntry(keyAlias, certificate);
return true;
}
After the restart of the AS i get this message:
Having environment variable JAVA_OPTS="-Djavax.net.debug=ssl" i get this informatinos:
*** ServerHelloDone
https-jsse-nio-8443-exec-7, WRITE: TLSv1.2 Handshake, length = 1522
https-jsse-nio-8443-exec-8, READ: TLSv1.2 Handshake, length = 7
*** Certificate chain
<Empty>
***
https-jsse-nio-8443-exec-8, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
https-jsse-nio-8443-exec-8, SEND TLSv1.2 ALERT: fatal, description = bad_certificate
So the certificate-chain of the certificate is empty
But inspecting the certificate on client, its pointing out that there is a certificate chain.
I am confused, why is the certificate chain not transported to the server?
Solution
I made the mistake, I had the certificate chain in the wrong order.
keystore.setKeyEntry(alias, pair.getPrivate(), pass.toCharArray(),
chainSet.toArray(new Certificate[0]));
The chainSet must be in the order that the closest certificate is the first certificate.
The real mistake was to use the built-in implementation of pki.
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices