Ssl client verify
From Resin 3.0
Latest revision as of 14:17, 6 December 2008
I use Resin 2.1.16 for Windows (JDK 1.5.09).
I am trying to set up SSL client authority with my ca-certificate-file.
Resin 3.2 Professional can use OpenSSL to set the ca-certificate-file to my CA cert file, and use this file to sign the client cert. But in Resin 2, I failed to use OpenSSL to set up the SSL configuration.
In some documents I found, it should be:
 <http port='443'>
   <ssl>openssl</ssl>
   <certificate-file>conf/server.crt</certificate-file>
   <certificate-key-file>conf/server.key</certificate-key-file>
   <certificate-key-password>password</certificate-key-password>
   <ca-certificate-file>conf/my-root.crt</ca-certificate-file>
   <verify-client>require</verify-client>
   <verify-depth>5</verify-depth>
 </http>
But it does not work on Windows.
So I use JSSE to set this up, in resin.conf:
 <http port='443'>
   <ssl>true</ssl>
   <key-store-type>jks</key-store-type>
   <key-store-file>conf/server.jks</key-store-file>
   <key-store-password>password</key-store-password>
   <authenticate-client>true</authenticate-client>
   <authenticate-depth>1</authenticate-depth>
 </http>
But when I use IE to visit the server, it does not pop up the client certificate which is signed by my-ca-certificate. I have imported my-ca-certificate into server.jks as a trusted certificate. But it doesn't work.
... so it works.
I tried this on Resin 3.1.8, setting the following in resin.conf:
 <http port='443'>
   <jsse-ssl>
     <key-store-type>jks</key-store-type>
     <key-store-file>conf/server.jks</key-store-file>
     <password>password</password>
     <verify-client>required</verify-client>
   </jsse-ssl>
 </http>
Tested, and it works too.
Steel Lee
2008-12-6