How to verify if Java sends the client certificate in a mutual auth scenario


Problem description

I set up 2-way SSL with Camel and CXF using the http conduit element etc. I make a webservice call to an external party. All certificates are correctly installed (incoming traffic is successful, this is configured in Tomcat). After this post about secure renegotiation I finally received a response from the other party: HTTP response 403, forbidden.

I've been debugging with javax.net.debug=all and this excellent explanation. I can see in the logging that a secure connection is successfully set up:

*** Finished
verify_data:  { 141, 25, 184, 254, 93, 9, 10, 48, 135, 161, 213, 57 }
***
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]

and no other errors or warnings. How can I verify if my client certificate is sent to the server? (I can't use Wireshark but I have the javax.net.debug logging)

Recommended answer

I found the answer in this post and by comparing the javax.net.debug output to the client auth example. I don't see CertificateVerify in my log, only the one way ssl steps, so there is no client certificate sent.

The cause was that I copied the CXF http conduit example from their website, but somehow the ciphersuite filter it contained was too strict.
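
The check described in the answer, written as an added example that is not part of the original post: it scans javax.net.debug output for handshake markers and reports, per handshake, whether a CertificateVerify was logged. Marker names other than "*** Finished" are assumed to follow the same legacy JSSE debug format; the function names and the sample log are constructed for illustration.

```python
import re

# Handshake markers in the legacy JSSE debug format look like "*** Finished".
MARKER = re.compile(r"^\*\*\* (\w+)", re.MULTILINE)

def handshakes(log_text):
    """Group handshake message names; a ClientHello starts a new handshake
    (a renegotiation shows up as a second group in the same log)."""
    groups = []
    for name in MARKER.findall(log_text):
        if name == "ClientHello" or not groups:
            groups.append([])
        groups[-1].append(name)
    return groups

def verdict(messages):
    """Classify one handshake by the client-auth messages it contains."""
    if "CertificateVerify" in messages:
        return "client certificate sent"
    if "CertificateRequest" in messages:
        return "requested, but no client certificate sent"
    return "one-way: server did not request a client certificate"

def analyze(log_text):
    return [verdict(h) for h in handshakes(log_text)]

# Constructed sample: one-way handshake, then a renegotiation in which the
# server asks for a certificate and the client proves possession of its key.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** Finished
verify_data:  { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 }
***
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
*** Finished
"""

if __name__ == "__main__":
    for i, v in enumerate(analyze(SAMPLE_LOG), 1):
        print(f"handshake {i}: {v}")
```

A handshake classified as "requested, but no client certificate sent" points at the client side: the keystore or, as in this case, the conduit's TLS settings.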
