For secure server sockets in order to send the server certificate, all I do is initialize SSLContext with a KeyManagerFactory.getKeyManagers() that has been initialized with my keystore.
But how can I do this in client side?
I.e. for client I do:
System.setProperty("javax.net.ssl.keyStore", "clientKeystore.keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "secret");
System.setProperty("javax.net.ssl.trustStore", "clientKeystore.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 7890);
I use the same keystore as trust store. I assume that just for looking arround JSSE it is ok.
Problem is that I get in the server part (I have setNeedClientAuth in the serversocket to true).
Exception in thread "main" javax.net.ssl.SSLHandshakeException: null cert chain
So how am I supposed to configure the client side to send a certificate?Isn't the system properties a correct approach?
Because I do not see how the SSLContext can be used in client side.
Thank you!
You do not have to set a specific configuration on the client side to use a certificate for authentication. Maybe some intermediate CAs are missing in the keystore, and the client is not able to build a certificate path from the trust anchor sent by the server and therefore cannot determine if the certificate is suitable for authentication.
You can add the system property
javax.net.debugtoallto print the debug stream on the standard output. Maybe you can get more information on the error.