Ssl client verify

From Resin 3.0

Revision as of 07:14, 6 December 2008 by Steel ligang (Talk | contribs)
Jump to: navigation, search

I use Resin 2.1.16 for windows(JDK 1.5.09).

I try to setup the ssl client authority by my ca-certificate-file.

The Resin 3.2 professioncal can use openssl to set the Ca-certificate-file as my ca-cert-file. and use this file to sign the client cert. but in resin 2 , I failed to use openssl to setup ssl configuration.

In some documents I found , It's should be:

<http port='443'>



But it cannot work in the windows.

So I use the JSSE to setup this, in resin.conf,

<http port='443'>



But when I use the IE to visit the server,It can not popup the client certificate which is signed by my-ca-certificate. I have import my-ca-certificate in the server.jks as a trusted certificater. But it doesn't work.

I check some document ,find maybe the resin use the JDK default ca-certificate file as the client trust ca-cert. I find a file named "cacerts" in "C:\Program Files\Java\jdk1.5.0_09\jre\lib".and it is a java keystroe file format, it's password is "changeit" I import my-ca-certificate in the cacerts file, and restart the resin. It works!

I try this on the resin 3.1.8, set the follow in the resin.conf:

<http port='443'>



Test ,and it works too.

Steel Lee


Personal tools