I'm using Restlet to create an HTTPS channel with both server and client certification. I have no problem certifying the server (i.e. having the server expose a certificate and trusting it from the client), but I have no idea how to send the client certificate. Below is the important server code:

    Server server = component.getServers().add(Protocol.HTTPS, config.getInt("server.port"));
    Series<Parameter> parameters = server.getContext().getParameters();
    // Server key store: the certificate and private key presented to clients
    parameters.add("keystorePath", config.getString("keystore.path"));
    parameters.add("keystorePassword", config.getString("keystore.password"));
    parameters.add("keyPassword", config.getString("key.password"));
    parameters.add("keystoreType", config.getString("keystore.type"));
    // need.client.authentication is "true" in the configuration
    parameters.add("needClientAuthentication", config.getString("need.client.authentication"));

and the client configuration is like this:

    if (config.getBoolean("truststore.use")) {
        Series<Parameter> parameters = client.getContext().getParameters();
        parameters.add("truststorePath", config.getString("truststore.path"));
        parameters.add("truststorePassword", config.getString("truststore.password"));
        // parameters.add("trustPassword", "password");
        parameters.add("truststoreType", config.getString("truststore.type"));
        parameters.add("keystorePath", config.getString("keystore.path"));
        parameters.add("keystorePassword", config.getString("keystore.password"));
        parameters.add("keyPassword", config.getString("key.password"));
        parameters.add("keystoreType", config.getString("keystore.type"));
    }

As long as needClientAuthentication is false, everything works OK. When I set needClientAuthentication to true it starts to fail, which is expected since I'm not sending the client certificate. The exception raised has the following message:

    Software caused connection abort: recv failed

but I have no idea and did not find any example on how to send a client certificate.

I even added the keystore info on the client and relaxed the constraint on the server to wantClientAuthentication, but no certificates appear to come from the server.

Felice Pollano
  • You'd at least need to set the keystore parameters on the client, and almost certainly the trust store parameters on the server. – Bruno Sep 05 '14 at 15:56
  • Thank you @Bruno for the suggestion. I added the keystore info on the client and relaxed the constraint to wantClientAuthentication, but the certificate does not seem to be sent from the client (I have a filter on the servlet, and request.getClientInfo().getCertificates(); returns an empty list). – Felice Pollano Sep 05 '14 at 16:06
  • @Bruno, by configuring the trust store on the server, certification works. Unfortunately request.getClientInfo().getCertificates() is still empty; any idea why? – Felice Pollano Sep 08 '14 at 09:51

1 Answer

I found the trouble. Apparently the server does not start asking the client for certificates until a trust store is configured on the server too. By configuring the trust store, the mutual certification happens correctly.

Felice Pollano
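
The server setup the answer describes, written out as an added example (not code from the original post): the HTTPS connector gets a trust store alongside its key store, and a handler rejects requests for which no client certificate chain is visible. It assumes the server accepts the same truststore parameter names the question uses on the client; the port, file names, passwords and the /whoami route are placeholders.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import org.restlet.Component;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.Server;
import org.restlet.data.MediaType;
import org.restlet.data.Parameter;
import org.restlet.data.Protocol;
import org.restlet.data.Status;
import org.restlet.util.Series;

public class MutualTlsServer {
    public static void main(String[] args) throws Exception {
        Component component = new Component();
        Server server = component.getServers().add(Protocol.HTTPS, 8443); // placeholder port
        Series<Parameter> p = server.getContext().getParameters();
        // Server identity: certificate and private key presented to clients.
        p.add("keystorePath", "server-keystore.jks");   // placeholder file
        p.add("keystorePassword", "changeit");          // placeholder secret
        p.add("keyPassword", "changeit");               // placeholder secret
        p.add("keystoreType", "JKS");
        // Trust anchors for client certificates (assumed parameter names, see lead-in).
        // Keep only the CA(s) that issue your client certificates in this store.
        p.add("truststorePath", "server-truststore.jks"); // placeholder file
        p.add("truststorePassword", "changeit");          // placeholder secret
        p.add("truststoreType", "JKS");
        p.add("needClientAuthentication", "true");

        component.getDefaultHost().attach("/whoami", new Restlet() {
            @Override
            public void handle(Request request, Response response) {
                List<Certificate> chain = request.getClientInfo().getCertificates();
                // Fail closed if no verified chain reached the application layer.
                if (chain == null || chain.isEmpty() || !(chain.get(0) instanceof X509Certificate)) {
                    response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
                    return;
                }
                X509Certificate leaf = (X509Certificate) chain.get(0);
                response.setEntity(leaf.getSubjectX500Principal().getName(), MediaType.TEXT_PLAIN);
            }
        });
        component.start();
    }
}
```

Running it requires the Restlet library on the classpath and the two keystore files; the client side stays as in the question, with both its key store and trust store configured.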