
I am creating an adapter for working with a web service, using a proxy and an SSL connection, and I have one problem with understanding the handshaking mechanism. I will explain with one example.

My actions:

  1. Make a server. Create a private key with keytool. Create a .cer file for it.
  2. Make a client. Create the same for it.
  3. Exchange the .cer files with each other; import the other side's certificate into each keystore.
  4. Create a connection. OK. Everything is OK.
  5. In the server's keystore I generate a new private key.

Question: which private key does the server use for handshaking?

RiaD
RelaxedSoul

1 Answer


The one that has a corresponding private key.

Exporting a certificate to be used in the peer's trust store doesn't export the private key. So in fact there is only one to choose from: the one that corresponds to the certificate that was generated from it.

user207421
  • 2 stages: 1) the handshake, 2) the session after that. So when are the private key and the certificate used? While handshaking, what is the format of the first message used for that? – RelaxedSoul Aug 15 '13 at 11:11
  • In my mind the answer is "in both". What if the client does not send its client_pub.cer to the server? – RelaxedSoul Aug 15 '13 at 11:15
  • The certificate is sent to the peer during the handshake. The SSL handshake messages are defined in [RFC 2246](http://www.ietf.org/rfc/rfc2246.txt), although why you think you need to know them is another question. If the server asks for the client certificate and the client doesn't send it (a) it will be because the client doesn't have one or isn't properly configured, and (b) the server may or may not close the connection depending on whether it is set to 'request' or 'require' the client's certificate. – user207421 Aug 15 '13 at 23:43
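The situation in the question (a server keystore that now holds two key entries, a client trust store that holds only the certificate exported from the first one) can be reproduced and observed in code. The following is an added example, not code from the original post or its answer: a Java server whose key manager is pinned to one alias, and a client that prints the subject of whatever certificate the server presented. When several key entries of a matching key type exist in the keystore, the default JSSE key manager chooses the alias itself, so pinning it is the check a practitioner wants. The keystore and trust store file names, the aliases `server-old` and `server-new`, the password `changeit`, and the class name `AliasPinnedServer` are all assumptions; the keytool commands in the header comment create the stores with those names.

```java
import java.io.FileInputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;

/*
 * Added example, not from the original post. File names, aliases and the
 * password below are assumptions. The stores are prepared with keytool:
 *
 *   keytool -genkeypair -alias server-old -keyalg RSA -keysize 2048 -dname "CN=server-old" \
 *       -keystore server.jks -storepass changeit -keypass changeit
 *   keytool -genkeypair -alias server-new -keyalg RSA -keysize 2048 -dname "CN=server-new" \
 *       -keystore server.jks -storepass changeit -keypass changeit
 *   keytool -exportcert -alias server-old -keystore server.jks -storepass changeit -file server-old.cer
 *   keytool -importcert -alias server-old -file server-old.cer -keystore client-trust.jks \
 *       -storepass changeit -noprompt
 *
 * Run as `java AliasPinnedServer server-old` (handshake succeeds, client prints CN=server-old)
 * and as `java AliasPinnedServer server-new` (client rejects the certificate it never imported).
 */
public class AliasPinnedServer {

    static final String SERVER_KEYSTORE = "server.jks";      // assumed name
    static final String CLIENT_TRUSTSTORE = "client-trust.jks"; // assumed name
    static final char[] PASS = "changeit".toCharArray();     // assumed password

    /** Key manager that presents exactly one key entry, whatever else is in the keystore. */
    static final class FixedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager delegate;
        private final String alias;

        FixedAliasKeyManager(X509ExtendedKeyManager delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }

        // Server-side selection: always the pinned alias.
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return alias; }
        @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { return alias; }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
        // Client-side selection is not used by this server; pass it through unchanged.
        @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
        // Chain and private key come from the underlying keystore for the chosen alias.
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    static KeyStore load(String path) throws Exception {
        // getDefaultType() is "jks" on Java 8 and "pkcs12" on Java 9+; the latter also reads JKS files.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, PASS); }
        return ks;
    }

    static SSLContext serverContext(String alias) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(SERVER_KEYSTORE), PASS);
        X509ExtendedKeyManager km = (X509ExtendedKeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(km, alias) }, null, null);
        return ctx;
    }

    static SSLContext clientContext() throws Exception {
        // The client trusts only what was imported into its trust store; it has no key entry of its own.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(CLIENT_TRUSTSTORE));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String alias = args.length > 0 ? args[0] : "server-old";
        SSLServerSocket listener = (SSLServerSocket) serverContext(alias).getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress());
        Thread serverThread = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) listener.accept()) {
                s.startHandshake(); // fails with an alert if the client rejects our certificate
            } catch (Exception e) {
                System.err.println("server: handshake failed: " + e);
            }
        });
        serverThread.start();
        try (SSLSocket client = (SSLSocket) clientContext().getSocketFactory()
                .createSocket(InetAddress.getLoopbackAddress(), listener.getLocalPort())) {
            client.startHandshake();
            X509Certificate peer = (X509Certificate) client.getSession().getPeerCertificates()[0];
            System.out.println("client: server presented " + peer.getSubjectX500Principal());
        } catch (Exception e) {
            System.err.println("client: rejected server certificate: " + e);
        } finally {
            serverThread.join();
            listener.close();
        }
    }
}
```

Pinning the alias in the key manager rather than deleting the old entry keeps both keys available (for example during a rotation) while making the handshake deterministic; with the `server-new` alias the server still signs the handshake with a key it owns, but the client, whose trust store holds only the `server-old` certificate, closes the connection with a certificate validation error rather than accepting it.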