SSL mutual authentication

Hi all!
I'm writing a web service client application using JWSDP. The SOAP message is sent via an HTTPS channel. In the SSL handshake, mutual authentication is required. In order to solve this I attached to my client:
      // Client certificate and private key (PKCS#12) presented during the handshake
      System.setProperty( "javax.net.ssl.keyStore", "key.pfx" );
      System.setProperty( "javax.net.ssl.keyStorePassword", "pass" );
      System.setProperty( "javax.net.ssl.keyStoreType", "pkcs12" );
      // Certificates trusted when validating the server's certificate
      System.setProperty( "javax.net.ssl.trustStore", "truststore.ks" );
      System.setProperty( "javax.net.ssl.trustStorePassword", "pass2" );
      // Register the Sun JSSE provider and its HTTPS protocol handler
      Provider provider = new com.sun.net.ssl.internal.ssl.Provider();
      Security.addProvider( provider );
      System.setProperty( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol" );
I tried to connect to the server with the settings above with a simple HTTP client, using HttpURLConnection. It was successful, and when I turn the "javax.net.debug" property to "all", I see in my log: "Found trusted certificate:...".
When I try to connect to the server with a ws-client based on JWSDP, I do not see "Found trusted certificate:..." in my logs, and mutual authentication is not successful.
I tried the system property settings above with an axis-based ws-client also, and it worked.
Do I have to configure any other properties using JWSDP in order to turn mutual authentication on?
Please help!
waczack

That is the only way to accomplish mutual authentication in Java. By which is meant that the server requires the client to authenticate itself. The server always authenticates itself to the client. If client authentication is required it has to be set at the server end. How that is done in .NET is not a question for these forums.
I also don't understand how you are getting 'Found trusted certificate' over an HTTP connection, where there is no authentication at all, unless this is coming from your application, in which case logging it is clearly a mistake.

Similar Messages

  • How do I bind to directory server with SSL and authentication?

    I'm running Lion Server 10.7.3, Open Directory master. In Open Directory/Settings/LDAP, I've checked the box to Enable SSL and selected a (self-signed) certificate. In Policies/Binding, I've checked the box to Enable Authenticated Directory Binding.
    Testing with a client computer on which Snow Leopard has been freshly installed and fully updated, I went to System Prefs/Accounts to bind to the new directory server. The good news is, the binding was successful, and when the client initiates an AFP connection with the server, it uses Kerberos, creating a ticket as expected. (Which doesn't work with Lion clients, alas, but that's a separate matter.)
    Here are the problems:
    1) It looks like the binding did not use SSL. By which I mean that when I opened Directory Utility and examined the LDAPv3 entry, the SSL checkbox was not checked. (If I then check the box, everything looks fine until I restart the client, after which I have a red dot. So I'm guessing that checking the box does nothing until after restart, and that it breaks the binding.)
    2) I was never prompted to authenticate for the directory binding.
    So I get that literally I'm *enabling* SSL and Authenticated Directory Binding, but it seems like the defaults are to bind without SSL or authentication, and there's no obvious-to-me way to force the binding to use those things. How do I do that?
    What I'd really like to do is *require* SSL and Authenticated Directory Binding. I want this because my belief (correct me if I'm wrong) is that if authentication is required to bind to the server, no one will be able to bind to my server without my permission, and that SSL offers a more secure connection to my server than not-SSL. How do I require these things, or do I not really want to?
    Thank you.

    You cannot connect to databases via Muse at the moment. Please refer: http://forums.adobe.com/message/5090145#5090145
    Cheers,
    Vikas

  • SSL mutual authentication with Tomcat and IE

    Hi,
    I am trying to set up mutual ssl with Tomcat.
    Everything works fine on the server but I cannot authenticate the client.
    The client is my internet explorer browser. This is what I have tried.
    -Generated an ssl server certificate using keytool.
    -Generated a certificate for the client
    -exported it to a .cer file
    -imported it to a truststore and moved it into the cacerts file
    I have verified this because tomcat lists my client certificate as a trusted
    one at start up.
    After this I installed the .cer file into IE and tried accessing the server.
    Handshake fails: "bad_certificate"
    I have searched all around the net trying to find someone who had done something like this, could not find anything. Can anyone please help me through this setup.
    -thanks

    Oh, I find that there are different code bases of WLS 7.0.0!!
    - WLS 7.0.0 of May 2002 is propagating the principal correctly with SSL mutual authentication.
    - WLS 7.0.0 of July 2002 is NOT propagating anymore! (the patch is applicable to this)
    Obviously BEA published different nightly builds of the same WLS 7.0.0 on the web.
    Is this normal?
    Regards
    Alain Hsiung
    "Alain Hsiung" <[email protected]> wrote in message
    news:[email protected]..
    I think that SP1 has a bug: it cannot propagate the principal when SSL mutual authentication is used. I fixed it with a small patch. Now the principal is propagated correctly with SSL mutual authentication on WLS 7.0.1 (WLS 7.0.0 is working without patch).
    Alain Hsiung
    "Alain Hsiung" <[email protected]> wrote in message
    news:[email protected]..
    Hi all
    I made SSL mutual authentication work between 2 WLS 7.0 servers.
    Since I upgraded to WLS 7.0 SP1 the principal propagation doesn't work anymore: the principal on the target WLS is always "anonymous"!
    Is this a bug or is there something new to parametrize?
    Regards
    Alain Hsiung

  • HTTPService SSL mutual authentication

    I can use HTTPService to access a secure web server via HTTPS. The SSL is configured to do mutual authentication: both server and client need to send their certificates to each other.
    Where should I put the client certificate so that HTTPService can find it?
    Is Flex3 using the browser's certificate management system, or does it have its own?

  • Anyconnect SSL VPN Authentication Failure

    Dear All,
    I have configured an Asa 5510 as SSL VPN gateway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.
    All worked well until yesterday, when I made some configuration changes. My objective was that the clients accept the self-signed certificate issued by the Asa without giving the warning about the private cert.
    So I tried to generate a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
    Then I changed the profile XML file of my Anyconnect in this way:
    <HostEntry>
        <HostName>myasa</HostName>
        <HostAddress>xxx.xxx.xxx.xxx</HostAddress>
        <PrimaryProtocol>SSL</PrimaryProtocol>
    Then I installed the certificate on my Win7 PC in the Trusted Root Certification Authority.
    The result of all my changes is that now the login fails! Could someone help me please?
    webvpn_allocate_auth_struct: net_handle = DA0C3608
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_login_resolve_tunnel_group: tgCookie = NULL
    webvpn_login_resolve_tunnel_group: tunnel group name from group list
    webvpn_login_resolve_tunnel_group: TG_BUFFER = VPNSSL
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
    webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
    webvpn_portal.c:http_webvpn_kill_cookie[790]
    webvpn_auth.c:http_webvpn_pre_authentication[2321]
    WebVPN: calling AAA with ewsContext (-636397680) and nh (-636733944)!
    webvpn_add_auth_handle: auth_handle = 95
    WebVPN: started user authentication...
    webvpn_auth.c:webvpn_aaa_callback[5163]
    WebVPN: AAA status = (ACCEPT)
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
    webvpn_portal.c:webvpn_login_aaa_resuming[3093]
    webvpn_auth.c:http_webvpn_post_authentication[1485]
    WebVPN: user: ([email protected]) authenticated.
    webvpn_auth.c:http_webvpn_auth_accept[2939]
    WARNING: CSD is disabled by AnyConnect Essentials license.
    webvpn_session.c:http_webvpn_create_session[184]
    webvpn_session.c:http_webvpn_find_session[159]
    WebVPN session created!
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_destroy_session[1386]
    webvpn_remove_auth_handle: auth_handle = 95
    WARNING: CSD is disabled by AnyConnect Essentials license.
    WARNING: CSD is disabled by AnyConnect Essentials license.
    webvpn_portal.c:webvpn_determine_primary_username[5689]
    webvpn_portal.c:webvpn_determine_secondary_username[5758]
    webvpn_portal.c:ewaFormServe_webvpn_login[1974]
    webvpn_portal.c:http_webvpn_kill_cookie[790]
    APP_BUFFER: <option value="VPNSSL" noaaa="0" >dntsbewvpn</option>
    webvpn_free_auth_struct: net_handle = DA0C3608
    webvpn_allocate_auth_struct: net_handle = DA0C3608
    webvpn_free_auth_struct: net_handle = DA0C3608

    Dear All,
    I have found why the authentication stopped working.
    I had lost this command from the config:
    svc image disk0:/anyconnect-win-xxxxxk9.pkg 1
    Now it works.
    Best regards,
    Igor.

  • How can I set up SSL login authentication on one domain for multiple domains

    Our site currently runs in 22 countries with 22 different
    country domains:
    www.mysite.com
    www.mysite.co.uk
    www.mysite.fr
    etc
    We want to use SSL on our login pages but realise that the
    cost of certification for every domain is expensive. One solution
    would be to channel all login activity to a single domain, eg:
    www.mysite.com/login.cfm?site=fr which would then redirect to
    www.mysite.fr – this is how Google do it
    But, currently we are using encrypted cookies for login
    authentication so we would have the problem of having to transfer
    the cookie info across domains securely. Is there any way of going
    about this?
    Any other suggestions would be great, too. We do plan to move
    to session management for logins but this is a longer term project
    so we are hoping to sort out the SSL prior to that.

    Can you not pass the values you need as URL parameters? Encrypt them before you send them and then decrypt them on the new domain. Then add them to whatever place you need (cookie, session, etc.)?
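
The approach suggested in the reply above, as an added example that is not part of the original thread: the login domain seals the user id with AES-GCM, binds it to one target host and an expiry time, and the country domain accepts it once. The class, method and parameter names, the shared key and the sample user id are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example; class, method and parameter names are hypothetical.
public class LoginHandoff {
    private static final int IV_LEN = 12;    // 96-bit GCM nonce
    private static final int TAG_BITS = 128; // GCM authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    // Login domain: seal the user id for one target host until expiresAt (epoch seconds).
    static String seal(SecretKey key, String userId, String targetHost, long expiresAt)
            throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        // The host is authenticated, not encrypted: a token sealed for .fr fails on .co.uk.
        c.updateAAD(targetHost.getBytes(StandardCharsets.UTF_8));
        byte[] user = userId.getBytes(StandardCharsets.UTF_8);
        byte[] plain = ByteBuffer.allocate(8 + user.length).putLong(expiresAt).put(user).array();
        byte[] ct = c.doFinal(plain);
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Country domain: returns the user id, or throws if the token is forged,
    // sealed for another host, expired, or already used.
    static String open(SecretKey key, String token, String thisHost, long now,
                       Set<String> usedNonces) throws GeneralSecurityException {
        byte[] raw;
        try {
            raw = Base64.getUrlDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("malformed token");
        }
        if (raw.length < IV_LEN + 8 + TAG_BITS / 8) {
            throw new GeneralSecurityException("token too short");
        }
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
        c.updateAAD(thisHost.getBytes(StandardCharsets.UTF_8));
        // doFinal throws AEADBadTagException if the token, key or host does not match.
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(raw, IV_LEN, raw.length - IV_LEN));
        if (now > plain.getLong()) {
            throw new GeneralSecurityException("token expired");
        }
        // Single use: remember the nonce; entries can be dropped once they have expired.
        String nonce = Base64.getEncoder().encodeToString(Arrays.copyOf(raw, IV_LEN));
        if (!usedNonces.add(nonce)) {
            throw new GeneralSecurityException("token replayed");
        }
        byte[] user = new byte[plain.remaining()];
        plain.get(user);
        return new String(user, StandardCharsets.UTF_8);
    }

    static String attempt(SecretKey key, String token, String host, long now, Set<String> used) {
        try {
            return "accepted " + open(key, token, host, now, used);
        } catch (GeneralSecurityException e) {
            return "rejected (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // assumption: provisioned to every domain out of band
        Set<String> used = new HashSet<>();
        long now = System.currentTimeMillis() / 1000;

        // Constructed sample: user "user-1042" sent on to www.mysite.fr with a 60 s lifetime.
        String token = seal(key, "user-1042", "www.mysite.fr", now + 60);
        System.out.println("redirect to www.mysite.fr with parameter t=" + token);
        System.out.println("first use:  " + attempt(key, token, "www.mysite.fr", now, used));
        System.out.println("replay:     " + attempt(key, token, "www.mysite.fr", now, used));
        System.out.println("wrong host: " + attempt(key, token, "www.mysite.co.uk", now, used));
        String fresh = seal(key, "user-1042", "www.mysite.fr", now + 60);
        String bad = fresh.substring(0, 20) + (fresh.charAt(20) == 'A' ? 'B' : 'A') + fresh.substring(21);
        System.out.println("tampered:   " + attempt(key, bad, "www.mysite.fr", now, used));
        System.out.println("expired:    " + attempt(key, fresh, "www.mysite.fr", now + 61, used));
    }
}
```

Since the country domains in the question have no certificate of their own, the token crosses the network unprotected on the redirect, which is why it is short-lived, single-use and bound to one host. The in-memory replay set would need to be shared storage if a domain runs on more than one server.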

  • Is there any way to config iws6.0 to connect to LDAP directory using SSL client and server authentication.  Only SSL server authentication worked when I tried.

    As my previous question, I followed the following instructions to setup up connection between iws and an LDAP server.
    "Using SSL to Communicate with LDAP
    You should require your Administration Server to communicate with LDAP using SSL. To enable SSL on your Administration Server, perform the following steps:
    1.Access the Administration Server and choose the Global Settings tab.
    2.Click the Configure Directory Service link.
    3.Select Yes to use Secure Sockets Layer (SSL) for connections.
    4.Click Save Changes.
    5.Click OK to change your port to the standard port for LDAP over SSL. "
    Q1. Any other steps needed to setup client authentication (or mutual authentication)?
    Q2. Do I need to enable security for connection groups in order to have this setup to work?

    Check out:
    http://docs.iplanet.com/docs/manuals/enterprise/60sp1/ag/esecurty.htm#1008113
    You will need to turn on Client Auth as described above. Hope it helps.

  • Failed to use LDAP over SSL MUTUAL AUTHENTICATION with some Directory enable SSL.

    In iPlanet Web Server, Enterprise Edition Administration's guide, chapter 5: secure your web server - Using SSL and TLS protocol specifying that the Administrator server can communicate LDAP over SSL with some Directory enable SSL.
    Is there any way to configure iplanet Administration server to talk ldap/ssl in mutual authentication mode with some directory?

    Hi,
    Sorry, I could not understand what you are trying to do with iWS.
    Could you please briefly explain your question, so that I can help you?
    Regards,
    Dakshin.
    Developer Technical Support
    Sun Microsystems
    http://www.sun.com/developers/support.

  • Apache SSL Client Authentication with Windows Mobile

    The biggest question I have here is if anyone has actually made this work. I would think this would be pretty standard...
    On our HTTP server I have protected folders setup with Certificate Based Client Authentication. Each folder requires a unique client certificate.
    This works perfectly with IE & Firefox running on PCs.
    The problem I have is trying to authenticate a Windows Mobile Device.
    I can authenticate the CA certificate but nothing in the client certificate.
    In ssl.conf I have the following parameters for each folder:
    SSLRequire %{SSL_CLIENT_S_DN_O} eq "Our Organization"
    SSLRequire %{SSL_CLIENT_S_DN_CN} eq "User Division Level"
    SSLRequire %{SSL_CLIENT_S_DN_OU} eq "User Level"
    The only parameter that Apache is able to validate from the device is DN_O and that is coming from the CA certificate.
    DN_CN & DN_OU are contained in the user certificate but it is not able to validate those.
    Anyone have any ideas on this?
    Edited by: Alan3 on Nov 20, 2008 2:15 PM

    Bump.
    Is anyone out there using Win Mobile devices with Oracle HTTP server?

  • EP6 SSL windows authentication

    I have found a couple of issues we are experiencing has anybody come
    across these before.
    1. When using windows authentication both with and without SSL on the import screen,if you try to browse you receive the following error.
    "BAD REQUEST (Invalid URL)" if you log in directly to the portal it works fine.
    2. This issue occurs only under SSL instead of going straight into the portal, you are stopped at the logon screen with "user authentication failed" , but if you just hit return you proceed straight into the portal.
    I am guessing that this is potentially an IIS issue, but not sure where at this point, any help would be appreciated.
    This is a windows system EP6 SP2 patch 4 hotfix 5
    iisproxy 1.6.0.0

    Aha, now I know what you mean. I think you are talking about uploading files either in CM or with import/export data, correct? If so, take a look at HTTP 400 errors in Collaboration with IISProxy
    The problem is that IIS 6 cannot handle long urls and urls with the characters < > in it by default.
    hope this helps.

  • SSL client authentication: how to get the cert used in call?

    Hi !
    I'd like to authenticate my clients based on their certificate. Unfortunately, there doesn't seem to be an easy way to get the client certificate that was used for the current method call.
    I am thinking of something like this:
    SomeClass dosomething(param a, param b) {
        RemoteUser ru = getUserFromCert();
        if (ru==null) return;
        ....do the job....
    }
    SomeOtherClass dosomethingelse() {
        ....same thing
    }
    RemoteUser getUserFromCert() {
        Principal pr = RMIContext.getRMIContext().getSSLSocket().getSSLSession().getPrincipal();
    }
    Is that the way to do it?
    What do I need to implement to get that getUserFromCert method going?
    Has anyone done that before?
    Thanks for any help,
    ken

    Thanks for your reply. I'd like option (b) best as well. But I think I read somewhere that the HandshakeCompletedListener is called asynchronously? Would be bad if it'd be called after a call has been handled.
    I did some more research and realized I might as well use JMX. JMX has authentication included and does remote method invocation just like RMI. There even seems to be a so called JMXMP connector which supports client authentication by certificate, which is exactly what I want. I'd probably have to rewrite some parts but it seems to be an elegant solution.
    Am I right?

  • Web Service, SSL and Client Authentication

    I tried to enable SSL with client authentication over a web service. I am using App Server 10.1.3.4.
    The test page requires my certificate (firefox asks me to choose the certificate) the response page of the web service returns this error:
    java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 405 Method Not Allowed
    Has anyone used web services with SSL client authentication?
    Any clue why?
    Regards

    Any comment?
    Thank you.

  • Setting Authentication and SSL Settings by folder/file in ColdFusion 10

    Am attempting to upgrade to ColdFusion 10 (patched to current level) on our development network.  We are running Windows Server 2008 R2.  On both of the below instances it worked fine with ColdFusion 8 and 9.
    On the first instance the entire site is SSL with the exception of one directory.  The entire site is set to Anonymous Authentication Disabled and Windows Authentication Enabled for the entire site except for the one directory that is not SSL.  On ColdFusion 10, that one directory that is not supposed to be SSL and have anonymous authentication will not allow access unless you hit it with an https: and authenticate.  It ignores the settings for that directory and uses the overall site settings.
    On another instance the entire site is set to Anonymous Authentication except one file (login.cfm) is set to Windows Authentication.  When you enter that site it hits the login.cfm, if you authenticate it gives you more options.  If you don't you still get in but without the extra options.  The system ignores the Windows Authentication and defaults to the overall site's setting of Anonymous Authentication.  I have tried setting the authentication at the site level to both Anonymous and Windows then going through individual directories and changing them to what they should be, but the settings are ignored and it uses the overall site settings.
    Is Tomcat somehow overriding the page/folder specific SSL and or Authentication settings?

    Charlie, I appreciate you helping rule out the possible discrepancies in the installation.  As far as server configuration, all testing is being done on two virtual Windows Server 2008 R2 64 bit boxes running IIS 7.5  One of the boxes was upgraded from ColdFusion 9.01 and one that is a new install on a new virtual machine.  The CF9.01 box has been processing both the SSL and non-SSL properly. The only changes I made to the CF9.01 I upgraded was to turn on CGI in the IIS settings.  Both servers show the same problems so I kind of ruled out the new server vice upgrade issue.  I checked the inheritance and all of the files have the same windows user's permissions.  I have imported the SSL certificates into the JRE\security\lib\certs.  I am guessing those are imported correctly otherwise it would not allow the SSL to work at all. All SSL/windows authentication has been set up through IIS, I have not tried to modify any Tomcat settings.
    I created a .htm file and put it in both a directory that is SSL protected and one (ScheduledTasks) that is not SSL protected.  It worked fine. That is if it was in a directory that should have been protected by SSL it prompted me for my CAC and pin.  When I put it in the ScheduledTasks directory and tried opening it with a standard http:// it worked fine.  I then tried to open a .cfm in the same directory and I got the standard 403-Forbidden: Access is denied.  You do not have permission to view this directory or page using the credentials that you supplied.

  • WebServer 6.1 SP3 SSL reverse proxy to Sun One Application Server 7

    I have an application in the appserver7 that requires SSL authentication. I have already installed a self cert in the appserver7, and the authentication works fine when I browse directly to the appserver.
    The appserver7 has both listener for port 80 and 443 enabled.
    I'm currently setting up a webserver (WebServer 6.1 SP3) to act as a reverse proxy to the appserver7. The reverse proxy for the basic jsp pages found in the appserver worked fine.
    When I try to access the login page, in the appserver, in ssl mode, I am unable to do so. I then try changing the obj.conf to the following, from http to https:
    <Object name="passthrough">
    ObjectType fn="force-type" type="magnus-internal/passthrough"
    Service fn="service-passthrough" method="(GET|HEAD|POST)" servers="https://172.28.48.53"
    However, it still doesn't work.
    Do I need to install a self cert in the webserver and enable the ssl listener as well?
    Do I need to install any reverse proxy addon for the appserver? Any
    setup for the obj.conf in the appserver?
    Any ideas how to get this done?
    Thanks.
    Mac.

    The Web Server 6.1 SP3 Reverse Proxy Plugin is supported, but it sounds like you're trying to do something that simply isn't possible.
    If you want the Reverse Proxy Plugin to perform SSL mutual authentication with the Application Server using the client's certificate, that's impossible due to the nature of SSL mutual authentication. If the plugin could impersonate the client, then SSL would be vulnerable to MITM (Man In The Middle Attacks). Fortunately, SSL isn't vulnerable to such attacks because the plugin doesn't know the client's private key.
    If you simply want the Reverse Proxy Plugin to pass information about the client's certificate along to the Application Server, that happens automatically. There's nothing special to configure. Note that the plugin will not authenticate to the Application Server in this case. Rather, it will simply copy the X.509 certificate into the proprietary Proxy-auth-cert: HTTP request header.
    The application running on the Application Server can inspect the Proxy-auth-cert: header using standard Servlet APIs. Alternatively, you can use Application Server 7's auth-passthrough AuthTrans SAF to cause the contents of the Proxy-auth-cert: header to be copied to the javax.servlet.request.X509Certificate Servlet attribute.

  • Applet(using SSL sockets) application in browser

    hello everyone,
    I am new to this forum, and this is my first forum in this site, please help me,
    My problem is,
    I have done an applet application which uses the SSL sockets, and it is working fine if i use the appletviewer tool, with the arguments of policy and URL, when i run this command "appletviewer -J-Djava.security.policy=mypolicy.policy URL of my html page" in the command mode its working fine.
    I have written an HTML file for running the applet, and when I used it in the browser I was not able to get output. I was getting the error "NoTrustedCertificates found". I have set the properties of truststore and password in the program itself like,
    System.setProperty("javax.net.ssl.trustStore", System.getProperty("java.home")+"cert");
    System.setProperty("javax.net.ssl.trustStorePassword", "pwd");
    and i also used the policy tool. I have stored my certificate along with the jar file, and i was getting this error
    can anyone please help me, or suggest me the right way to reach my target.
    Thanx in advance

    Hai,
    I have made my client applet running from the remote system, and the client was establishing SSL sockets, and there is a problem in the handshake: NO TRUSTED CERTIFICATE found was the error. I had loaded the certificates (one is used for signing the certificate, and the other is used for the SSL sockets authentication). In my applet client code I have set the system properties like
    System.setProperty("javax.net.ssl.trustStore", System.getProperty("java.home")+"\\lib\\security\\cert");
    System.setProperty("javax.net.ssl.trustStorePassword", "pwd");
    and this is the certificate which is used for SSL sockets authentication, and i stored the cert in the "jre\lib\security\" directory, and im using the jdk1.4.2_05 version.
    At the client side the error is
    Network Error: sun.security.validator.ValidatorException: No trusted certificate found.
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
    at java.io.OutputStream.write(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown Source)
    at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
    At the server side the error is
    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at com.ClientNeg.run(ClientNeg.java:76)
    at java.lang.Thread.run(Unknown Source)
    i was not able to understand what went wrong , so any one please help me in doing my work.
    Thanx
    dwurity
