Re: How to use client certificate authorization properly?
Thursday, July 6, 2006 11:36 PM
To answer your question I have to explain the notion of SSL certificate and key management in the context of your JRE. OK, so a keystore file and a truststore file are the two placeholders for these elements. The keystore holds key entries, each of which is an entity's identity and its private key, used to identify oneself to a server as a trusted client. The truststore holds trusted certificate entries, each of which is an entity's identity (usually a certificate authority, or CA) and its public key, which are used to identify trusted servers.
Mutual authentication is establishing reciprocal trust between your server and client. What you have done by importing the server certificate into the browser is that you have enabled the browser (client) to trust your server. You must do something similar for your server to trust your browser (client). To do this, your client must generate (or you generate on behalf of the client) a version of the certificate containing its identity and public key, which the server must store in its truststore. You can do this by using keytool.exe (from jre/bin) to import the client certificate into the truststore.
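Added example, not code from the original thread: a Java sketch of the keystore/truststore arrangement the reply describes, with the keytool steps for the client side shown as a comment. The file names, alias and password are assumptions, and one shared truststore is used so that each side holds the other's certificate.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
// Assumed files (placeholder names): client.jks and server.jks hold each side's private key
// and certificate; truststore.jks holds the trusted certificate entries for both sides.
// The keytool step the reply refers to, run from jre/bin, would look like:
//   keytool -genkeypair -alias client -keyalg RSA -keystore client.jks
//   keytool -exportcert -alias client -keystore client.jks -file client.cer
//   keytool -importcert -alias client -file client.cer -keystore truststore.jks
public class MutualTlsDemo {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, password); }
        return ks;
    }
    // Identity comes from the keystore (key entries); peer verification from the truststore.
    static SSLContext build(String keystore, String truststore, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystore, pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststore, pw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();           // constructed sample password
        SSLContext serverCtx = build("server.jks", "truststore.jks", pw);
        SSLServerSocket listener = (SSLServerSocket)
                serverCtx.getServerSocketFactory().createServerSocket(8443);
        listener.setNeedClientAuth(true);                // require, not merely request, a client cert
        Thread server = new Thread(() -> {
            try (SSLSocket peer = (SSLSocket) listener.accept()) {
                peer.startHandshake();                   // fails unless the client cert is in the truststore
                System.out.println("server accepted " + peer.getSession().getPeerPrincipal());
            } catch (Exception e) { System.out.println("server rejected client: " + e); }
        });
        server.start();
        SSLContext clientCtx = build("client.jks", "truststore.jks", pw);
        try (SSLSocket s = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", 8443)) {
            s.startHandshake();                          // client verifies the server against the truststore
            System.out.println("client trusts " + s.getSession().getPeerPrincipal());
        }
        server.join();
        listener.close();
    }
}
```

Removing the client entry from truststore.jks makes the server-side handshake fail, which is the quickest way to confirm that the client certificate, not just the server certificate, is being checked.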