Description
Good day! Maybe this is not the right place to ask such a question as mine, but I ran into an issue that looks like a bug, and I did not get any help at Stack Overflow. The link to the question there is here.
So, as said in the question, I have a simple chat application with WebSocket (STOMP). I have configured an SSL connection with mutual auth. Server-side code with simple SSL is here and client-side code is here.
In short: I pass trustedKeyStore and KeyStore to my client and try to connect. As I see it, something goes wrong at the WebSocket connect phase, the client cannot find a suitable certificate ("Warning: no suitable certificate found - continuing without client authentication") and the connection closes.
If you need, I can repost the question and details from Stack Overflow, and I can provide some more details and so on.
So the questions are:
- What is wrong?
- Can someone say whether I can pass certificates and keys DIRECTLY to some classes to ensure that the connection will use them 100%? Is there any way to set them up (not by System.setProperty etc.)?
My keystores are:
CLIENT
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: 1
Creation date: Jun 29, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: EMAILADDRESS=client3@mail.ru, CN=client3, OU=client3, O=client3, L=client3, ST=client3, C=RU
Issuer: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Serial number: 2
Valid from: Wed Jun 28 16:14:54 MSK 2017 until: Thu Jun 28 16:14:54 MSK 2018
Certificate fingerprints:
MD5: 60:22:7C:63:6D:BE:E1:02:39:0B:CD:AD:DB:E2:40:A5
SHA1: BC:03:09:84:A1:C8:46:CA:4A:60:AA:74:1F:49:76:04:5E:2C:9E:9E
SHA256: B5:53:8E:13:CE:34:AF:A8:42:EA:43:6E:FA:A7:7E:B1:F9:49:2F:BF:BE:45:43:9A:99:D8:15:B9:32:60:1C:42
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 ..OpenSSL Genera
0010: 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 ted Certificate
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6A CE 21 1B 6C 78 3A B9 37 69 36 26 0D FB E0 A1 j.!.lx:.7i6&....
0010: B6 57 80 C3 .W..
]
]
Certificate[2]:
Owner: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Issuer: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Serial number: 9952f188496b2545
Valid from: Wed Jun 28 15:39:04 MSK 2017 until: Sat Jun 26 15:39:04 MSK 2027
Certificate fingerprints:
MD5: F7:52:34:FD:3C:AC:91:DE:E0:20:4B:D4:D1:44:47:23
SHA1: EE:D5:38:9B:6F:73:CD:0F:BF:32:0F:4E:D8:47:E6:1D:60:4F:36:FE
SHA256: CD:F6:4F:58:9E:99:DC:1D:E0:09:28:8E:FA:1C:52:9E:EC:CB:59:74:9E:C0:59:6C:B0:96:29:C5:3C:00:67:F7
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
*******************************************
*******************************************
Alias name: trust
Creation date: Jun 29, 2017
Entry type: trustedCertEntry
Owner: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Issuer: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Serial number: 9952f188496b2545
Valid from: Wed Jun 28 15:39:04 MSK 2017 until: Sat Jun 26 15:39:04 MSK 2027
Certificate fingerprints:
MD5: F7:52:34:FD:3C:AC:91:DE:E0:20:4B:D4:D1:44:47:23
SHA1: EE:D5:38:9B:6F:73:CD:0F:BF:32:0F:4E:D8:47:E6:1D:60:4F:36:FE
SHA256: CD:F6:4F:58:9E:99:DC:1D:E0:09:28:8E:FA:1C:52:9E:EC:CB:59:74:9E:C0:59:6C:B0:96:29:C5:3C:00:67:F7
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
SERVER
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: server
Creation date: Jun 28, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: EMAILADDRESS=localhost@mail.com, CN=localhost, OU=localhost, O=localhost, L=localhost, ST=localhost, C=RU
Issuer: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Serial number: 1
Valid from: Wed Jun 28 16:07:14 MSK 2017 until: Thu Jun 28 16:07:14 MSK 2018
Certificate fingerprints:
MD5: 8A:F3:C1:30:4B:89:82:97:93:D8:E7:A5:B7:71:CF:F6
SHA1: 9F:A0:EE:D9:A5:E3:5E:CE:11:43:4A:5A:AB:98:80:36:26:7A:96:77
SHA256: 64:23:64:A1:B3:BE:0C:D6:EE:DD:E9:B4:92:73:6A:E6:04:3B:91:45:80:05:F5:AB:66:70:5E:A1:4C:8C:44:79
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 ..OpenSSL Genera
0010: 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 ted Certificate
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1A FD F6 D3 E0 6A F0 56 3E 4A 75 E0 1F 76 BC 1C .....j.V>Ju..v..
0010: C2 DE A7 28 ...(
]
]
TRUSTED (both client and server have the same)
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: my_ca
Creation date: Jun 28, 2017
Entry type: trustedCertEntry
Owner: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Issuer: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Serial number: 9952f188496b2545
Valid from: Wed Jun 28 15:39:04 MSK 2017 until: Sat Jun 26 15:39:04 MSK 2027
Certificate fingerprints:
MD5: F7:52:34:FD:3C:AC:91:DE:E0:20:4B:D4:D1:44:47:23
SHA1: EE:D5:38:9B:6F:73:CD:0F:BF:32:0F:4E:D8:47:E6:1D:60:4F:36:FE
SHA256: CD:F6:4F:58:9E:99:DC:1D:E0:09:28:8E:FA:1C:52:9E:EC:CB:59:74:9E:C0:59:6C:B0:96:29:C5:3C:00:67:F7
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A9 07 92 74 27 B9 48 09 CB 44 C7 19 4E 65 02 E8 ...t'.H..D..Ne..
0010: FA B5 E0 40 ...@
]
]
Thank you!
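One way to answer the second question, and at the same time narrow down the first, is to build the SSLContext from the key store and trust store programmatically and to ask the resulting X509KeyManager the same question JSSE asks during the handshake. The code below is an added example, not code from this issue or from the project's client: it assumes JKS files and passwords given on the command line (placeholders, not the reporter's files), and it uses only the standard JSSE API (KeyManagerFactory, TrustManagerFactory, X509KeyManager.chooseClientAlias, SSLContext.init). When the server sends a CertificateRequest, JSSE calls chooseClientAlias with the requested key types and the issuer names the server accepts; a null result is the case that produces the "no suitable certificate found - continuing without client authentication" warning. Here the issuers are taken from the CA in the trust store, which is what a server using the same trust store would send. The class name ClientAuthCheck and the method names are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/** Added example (hypothetical class name): checks whether a JKS key store can answer a server's client-cert request. */
public class ClientAuthCheck {

    /** Loads a JKS store; "JKS" matches the "Keystore type: JKS" lines in the keytool output above. */
    static KeyStore load(String path, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    /** Builds the key manager that JSSE would use for client authentication. */
    static X509KeyManager keyManager(KeyStore keyStore, char[] keyPassword) throws Exception {
        // keyPassword is the PrivateKeyEntry password; a wrong one fails here with UnrecoverableKeyException
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                return (X509KeyManager) km;
            }
        }
        throw new IllegalStateException("no X509KeyManager available");
    }

    /** Builds the trust manager from the trusted CA store. */
    static X509TrustManager trustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /**
     * Simulates the server's CertificateRequest: the accepted issuers are the CAs in the trust store.
     * This is the same call JSSE makes during the handshake; null is what triggers the
     * "no suitable certificate found" warning.
     */
    static String chooseClientAlias(X509KeyManager km, X509TrustManager tm) {
        List<Principal> issuers = new ArrayList<>();
        for (X509Certificate ca : tm.getAcceptedIssuers()) {
            issuers.add(ca.getSubjectX500Principal());
        }
        return km.chooseClientAlias(new String[] {"RSA", "EC"}, issuers.toArray(new Principal[0]), null);
    }

    /** Builds an SSLContext bound to exactly these managers, with no System.setProperty involved. */
    static SSLContext sslContext(X509KeyManager km, X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] {km}, new TrustManager[] {tm}, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: <keystore.jks> <key/store password> <truststore.jks> <truststore password>  (placeholders)
        char[] keyPassword = args[1].toCharArray();
        KeyStore keyStore = load(args[0], keyPassword);
        KeyStore trustStore = load(args[2], args[3].toCharArray());

        X509KeyManager km = keyManager(keyStore, keyPassword);
        X509TrustManager tm = trustManager(trustStore);

        String alias = chooseClientAlias(km, tm);
        if (alias == null) {
            System.out.println("No PrivateKeyEntry is issued by a CA in the trust store: "
                    + "JSSE would continue without client authentication");
        } else {
            X509Certificate[] chain = km.getCertificateChain(alias);
            System.out.println("Client alias '" + alias + "' would be sent, subject "
                    + chain[0].getSubjectX500Principal() + ", chain length " + chain.length);
            chain[0].checkValidity(); // throws CertificateExpiredException if the leaf has expired
        }

        SSLContext ctx = sslContext(km, tm);
        // ctx (or ctx.getSocketFactory()) is the object to hand to the WebSocket client;
        // how it is wired in depends on the client library and is not shown here.
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```

Run it as `java ClientAuthCheck client.jks <password> trusted.jks <password>` (placeholder names). The two outcomes separate the possible causes: a null alias means the key store itself cannot satisfy the server (wrong issuer, wrong key type, or a key password that does not unlock the entry), while a non-null alias means the key store is fine and the SSLContext built from it is simply not the one the WebSocket client ends up using. Building the context explicitly, as `sslContext` does, is the direct-configuration route the second question asks about: the key and trust material are bound to that SSLContext object rather than read from `javax.net.ssl.*` system properties.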