Does SSL work without CA signing?
Posted By:   Anonymous
Posted On:   Thursday, September 2, 2004 09:17 AM

Hi,

How can I test mutual authentication mode in SSL when I don't have a CA-signed certificate? I just want to test the code, whether it is working fine or not.

My code is almost ready; everything is working fine with SSL when I switch off client authentication mode. But when I switch on client authentication mode, the server produces an exception which says "SSLHandshakeException null cert chain", due to which the process does not complete successfully.

I had the client certificate as a trusted cert in the server store and the server certificate also as a trusted cert in the client store. The only problem, I guess, is that the certificates are not CA signed!!!

Is there a way to use SSL in examples or demos without having a CA-signed certificate???

Thanks in advance,

Humayun.

Re: Does SSL work without CA signing?

Posted By:   shiladitya_sircar  
Posted On:   Saturday, October 2, 2004 08:39 AM

You don’t need a signed CA to test your code, in this context what you can do is create a FakeTrustManager, which will accept or rather authorize un-trusted certificates. Just extend the X509TrustManager and return true in all overridden calls.



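import com.sun.net.ssl.X509TrustManager;   // legacy JSSE 1.0.x interface
import java.security.cert.X509Certificate;

// Trust manager that performs no validation: every chain is accepted.
public class FakeTrustManager implements X509TrustManager
{
    // Accepts any client certificate chain.
    public boolean isClientTrusted(X509Certificate[] cert)
    {
        return true;
    }

    // Accepts any server certificate chain.
    public boolean isServerTrusted(X509Certificate[] cert)
    {
        return true;
    }

    // No issuers are advertised to the peer.
    public X509Certificate[] getAcceptedIssuers()
    {
        return new X509Certificate[0];
    }
}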

Now you can use this FakeTrustManager instead of the default TrustManager of SSLSocketFactory.


sslcontext.init( …., new TrustManager[] { new FakeTrustManager() }, new java.security.SecureRandom());

Now you can use this sslcontext to create your sslSockets from the factory.

Cheers
Ssircar
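
A test setup with self-signed certificates can also keep validation on by trusting only the peer's exported certificate. The following is an added example, not code from either poster; it uses the current javax.net.ssl API, and the class name, helper names, keystore file names and shared password are assumptions. It also checks that the identity store holds a private-key entry, because a side that has only trusted-certificate entries has no certificate to present, and a server requiring client authentication then reports a null cert chain.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example. The stores are assumed to have been made with keytool, e.g.:
//   keytool -genkeypair -alias client -keyalg RSA -keystore client-keys.jks
//   keytool -exportcert -alias client -keystore client-keys.jks -file client.cer
//   keytool -importcert -alias client -file client.cer -keystore server-trust.jks
// and the same three steps with the roles swapped for the server.
public class MutualTlsContext {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // True if the store holds at least one private-key entry. A store with only
    // trustedCertEntry items gives the KeyManager nothing to present to the peer.
    static boolean hasKeyEntry(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }

    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trusted) throws Exception {
        if (!hasKeyEntry(identity)) {
            throw new IllegalStateException("identity store has no private-key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        // Trust only what was imported into 'trusted': the peer's self-signed certificate.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = args[2].toCharArray();   // one password for both stores (assumption)
        SSLContext ctx = build(load(args[0], pw), pw, load(args[1], pw));
        System.out.println("Context ready: " + ctx.getProtocol());
    }
}
```

Run it as `java MutualTlsContext client-keys.jks client-trust.jks <password>` on the client side, and with the server's two stores on the server side.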

Re: Does SSL work without CA signing?

Posted By:   Anonymous  
Posted On:   Monday, September 6, 2004 12:30 AM

Also note that both server and client certificates are self-signed using java keytool.