Question

Is there an easy way to check whether two .p12 files, one for a server and one for a client, should be mutually acceptable to each other for an SSL handshake with authorization (including client authorization) required on both sides? Each of these .p12 files contains both trust managers and key managers.

In particular, what would cause an error like this on the server side?

SEND TLSv1 ALERT:  fatal, description = bad_certificate
WRITE: TLSv1 Alert, length = 2
called closeSocket()
handling exception: javax.net.ssl.SSLHandshakeException: null cert chain

Solution

In the TLS handshake, the client first verifies the server's certificate that it received, and afterwards, depending on the certificate algorithm and other parameters, sends its own. In your situation it seems that the server received the client's certificate and denied it, probably because of an empty certificate chain (i.e. the client's certificate is self-signed?).

Other answers

No, there's no easy way, because mutual acceptability depends on the configuration of the client and server, and that goes way beyond the certificates they use.

For example, certificates have a "policy" which identifies the practices and policies under which they were issued. Each party can have local configuration that includes a set of acceptable policies. There are many other examples.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow