X509 Client Authentication

rmfought
Posts: 4
Joined: Thu May 25, 2006 6:54 pm

Post by rmfought »

Does Oxygen support client authentication via X509 certs? I have set the certificate settings in Oxygen and they are valid, yet when I contact my HTTPS-protected web service, Oxygen does not appear to be honoring the server's client certificate request. Any ideas?
sorin_ristache
Posts: 4141
Joined: Fri Mar 28, 2003 2:12 pm

Post by sorin_ristache »

Hello,

Yes, authentication with X509 certificates is supported. How did you set the certificate in <oXygen/>? Did you follow the procedure described in the User Manual, available from menu Help -> Help, for configuring the certificate necessary for an HTTPS server? What is the error message?

Regards,
Sorin
rmfought
Posts: 4
Joined: Thu May 25, 2006 6:54 pm

Post by rmfought »

I set the certificate via Options->Preferences->Certificates. I already have a preconfigured Java keystore.

I chose the JKS type, pointed to my keystore file, entered the certificate alias and passwords, and clicking the "Validate" button yields "The certificate options are valid."

When I try to contact my web service, Oxygen displays the following message:

"org.apache.commons.httpclient.HttpException : Software caused connection abort: recv failed (https://192.168.3.52:1025)"

The server (using GnuTLS) shows an error message of: "The peer did not send any certificate. (-49)" The service drops the connection if the handshake fails.
sorin_ristache
Posts: 4141
Joined: Fri Mar 28, 2003 2:12 pm

Post by sorin_ristache »

Hello,
rmfought wrote: I set the certificate via Options->Preferences->Certificates. I already have a preconfigured Java keystore.
That is for certificates used for digital signatures of XML documents, not for accessing HTTPS servers. I repeat the question: did you follow the procedure described in the User Manual for configuring the Java virtual machine running <oXygen/> with the certificate necessary for the HTTPS server? The error message of the server says that the certificate store of the JVM does not contain the necessary certificate for the server.

Regards,
Sorin
rmfought
Posts: 4
Joined: Thu May 25, 2006 6:54 pm

Post by rmfought »

Yes, I followed this procedure. The problem is that the server is requesting the client's certificate, which is NOT in a JRE keystore - only the specific one I created for use in Oxygen. The fact that the Oxygen keystore option is for digital signatures only explains why it is not working. I need to get the client cert into the JRE keystore.
rmfought
Posts: 4
Joined: Thu May 25, 2006 6:54 pm

Post by rmfought »

I'm still having no luck. I added the client keypair/certs into both the cacerts keystore and the default user keystore (c:\Documents and Settings\user\.keystore), and Oxygen/Java is still not sending the client cert to the server when requested.

I can make this work fine in a browser: the server asks for the client cert and the browser asks me which cert to send.
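
An added diagnostic, not part of the original posts and not oXygen code: it loads a Java keystore and asks JSSE which aliases it could present when a server requests a client certificate, which separates private-key entries from the trusted-certificate entries that a store such as cacerts normally holds. The class name, the default path and password, and the assumption that the key password equals the store password are illustrative choices.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic, not oXygen code.
// Usage: java ClientCertCheck [keystore] [password] [type]
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        // Defaults (assumptions): the JRE trust store and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String type = args.length > 2 ? args[2] : KeyStore.getDefaultType();

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        // A key entry holds a private key plus its certificate chain; a
        // trusted-certificate entry holds only a certificate.
        int keys = 0, trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keys++;
            else if (ks.isCertificateEntry(alias)) trusted++;
        }
        System.out.printf("%s: %d key entries, %d trusted-cert entries%n",
                path, keys, trusted);

        // Ask JSSE which aliases it could offer in answer to a server's
        // certificate request. Assumes key password == store password.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            for (String keyType : new String[] {"RSA", "EC", "DSA"}) {
                String[] aliases = ((X509KeyManager) km).getClientAliases(keyType, null);
                System.out.println(keyType + " client aliases: "
                        + (aliases == null ? "none" : Arrays.toString(aliases)));
            }
        }
    }
}
```

The standard JSSE system properties `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` select the key store used by the JVM's default SSL context; whether oXygen's HTTP client uses that default context is an assumption here.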
sorin_ristache
Posts: 4141
Joined: Fri Mar 28, 2003 2:12 pm

Post by sorin_ristache »

Hello,

Please send the certificate to support at oxygenxml dot com and specify the URL of the HTTPS server so that we can reproduce the error.

Regards,
Sorin