
I am writing the client code which has to consume a web service which requires a client certificate to authenticate.

Code:

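```java
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class ClientCertRequest {
    public static void main(String[] args) throws Exception {
        String KEYSTOREPATH = "C:\\jks\\client.p12";
        String KEYPASS = "password";
        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(
                        new File("C:\\jks\\client.p12"),
                        KEYPASS.toCharArray(), KEYPASS.toCharArray(),
                        // Always selects the key store alias "client"
                        (PrivateKeyStrategy) (aliases, socket) -> "client")
                // The TrustStrategy returns true, so any server certificate chain is accepted
                .loadTrustMaterial(new File(KEYSTOREPATH), KEYPASS.toCharArray(), (chain, authType) -> true).build();

        // Allow TLSv1.2 protocol only
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext,
                new String[] { "TLSv1.2" },
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        CloseableHttpClient httpclient = HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .build();
        try {

            HttpGet httpget = new HttpGet("https://localhost:8443/test");

            System.out.println("Executing request " + httpget.getRequestLine());

            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                HttpEntity entity = response.getEntity();

                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }
    }
}
```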

Error:

```
javax.net.ssl|DEBUG|01|main|2019-06-29 19:29:33.244 IST|SunX509KeyManagerImpl.java:401|matching alias: 1
javax.net.ssl|WARNING|01|main|2019-06-29 19:29:33.245 IST|CertificateRequest.java:699|No available client private key
javax.net.ssl|DEBUG|01|main|2019-06-29 19:29:33.246 IST|ServerHelloDone.java:142|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|01|main|2019-06-29 19:29:33.246 IST|CertificateMessage.java:291|No X.509 certificate for client authentication, use empty Certificate message instead
javax.net.ssl|DEBUG|01|main|2019-06-29 19:29:33.247 IST|CertificateMessage.java:322|Produced client Certificate handshake message (
"Certificates": <empty list>
)
```

Command to generate the p12 file

```
openssl pkcs12 -export -out client.p12 -inkey client.key.pem -in client.cert.pem
```

Why is it not able to find the client certificate in the client.p12 file? What am I missing here?

ruhewo
  • Looking at the log messages it is saying that the p12 file doesn't contain the private key. Could you verify that? You can do that by running the following command: `openssl pkcs12 -info -in client.p12` Let me know if you are getting a similar output as below: -----BEGIN ENCRYPTED PRIVATE KEY----- some random data -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- some random data -----END CERTIFICATE----- – Hakan54 Aug 11 '19 at 06:42
  • Did you find the problem? I have exactly the same problem. "No available client private key" – Cyrill Zadra Sep 05 '19 at 19:46
  • @CyrillZadra and Hakan54 what is the solution?? – Ponmanikandan Boothalingam Nov 12 '21 at 08:49
  • @Hakan54 the BEGIN CERTIFICATE is the public key and encrypted private key is the key right? – Ponmanikandan Boothalingam Nov 12 '21 at 08:50
  • @PonmanikandanBoothalingam I could not reproduce it. It would be handy if he could share a (throw-away) private key and public key – Hakan54 Nov 12 '21 at 21:22
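
A check for the situation in the question, added here as an example and not taken from the post or from Apache HttpClient: the debug log reports `matching alias: 1`, while the `PrivateKeyStrategy` in the question always returns `"client"`. Using only the JDK `KeyStore` API, it lists every alias in the `.p12` and reports whether the alias the strategy returns is a usable private-key entry. The class name `P12AliasCheck` and the helper `usableForClientAuth` are hypothetical; the default path, password and alias are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not the asker's code: P12AliasCheck and its helper are hypothetical names.
public class P12AliasCheck {

    // True when the alias is a key entry whose private key opens with keyPass
    // and which carries a certificate chain that could be presented to the server.
    static boolean usableForClientAuth(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.isKeyEntry(alias)) {
            return false; // alias is missing or is a certificate-only entry
        }
        try {
            Certificate[] chain = ks.getCertificateChain(alias);
            return ks.getKey(alias, keyPass) instanceof PrivateKey && chain != null && chain.length > 0;
        } catch (UnrecoverableKeyException e) {
            return false; // entry exists but keyPass does not open it
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the path, password and alias from the question; override via arguments.
        String path = args.length > 0 ? args[0] : "C:\\jks\\client.p12";
        char[] pass = (args.length > 1 ? args[1] : "password").toCharArray();
        String wanted = args.length > 2 ? args[2] : "client";

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        // Print every entry so the aliases actually present can be compared with the wanted one.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String subject = c instanceof X509Certificate
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : "(none)";
            System.out.printf("alias=%s keyEntry=%b usable=%b subject=%s%n",
                    alias, ks.isKeyEntry(alias), usableForClientAuth(ks, alias, pass), subject);
        }
        System.out.println(usableForClientAuth(ks, wanted, pass)
                ? "Alias '" + wanted + "' is a usable private-key entry."
                : "Alias '" + wanted + "' is not a usable private-key entry; a strategy that "
                        + "returns it cannot supply a client key.");
    }
}
```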

0 Answers