X509 Client Authentication
Posted: Thu May 25, 2006 6:58 pm
by rmfought
Does Oxygen support client authentication via X509 certs? I have set the certificate settings in Oxygen and they are valid, yet when I contact my https protected web service, Oxygen does not appear to be honoring the server's client certificate request. Any ideas?
Posted: Fri May 26, 2006 10:54 am
by sorin_ristache
Hello,
Yes, authentication with X509 certificates is supported. How did you set the certificate in <oXygen/>? Did you follow the procedure described in the User Manual, available from menu Help -> Help, for configuring the certificate necessary for an HTTPS server? What is the error message?
Regards,
Sorin
Posted: Wed May 31, 2006 10:27 pm
by rmfought
I set the certificate via Options->Preferences->Certificates. I already have a preconfigured Java keystore.
I chose the JKS type, pointed to my keystore file, entered the certificate alias and passwords, and clicking the "Validate" button yields "The certificate options are valid."
When I try to contact my web service, Oxygen displays the following message:
"org.apache.commons.httpclient.HttpException : Software caused connection abort: recv failed (https://192.168.3.52:1025)"
The server (using GnuTLS) shows an error message of: "The peer did not send any certificate. (-49)" The service drops the connection if the handshake fails.
Posted: Thu Jun 01, 2006 9:25 am
by sorin_ristache
Hello,
rmfought wrote: I set the certificate via Options->Preferences->Certificates. I already have a preconfigured Java keystore.
That is for certificates used for digital signatures of XML documents, not for accessing HTTPS servers. I repeat the question: did you follow the procedure described in the User Manual for configuring the Java virtual machine running <oXygen/> with the certificate necessary for the HTTPS server? The error message of the server says that the certificate store of the JVM does not contain the necessary certificate for the server.
Regards,
Sorin
Posted: Fri Jun 02, 2006 10:11 pm
by rmfought
Yes, I followed this procedure. The problem is that the server is requesting the client's certificate, which is NOT in a JRE keystore - only the specific one I created for use in Oxygen. The fact that the Oxygen keystore option is for digital signatures only explains why it is not working. I need to get the client cert into the JRE keystore.
Posted: Sat Jun 03, 2006 1:31 am
by rmfought
I'm still having no luck. I added the client keypair/certs into both the cacerts keystore and the default user keystore (c:\Documents and Settings\user\.keystore), and Oxygen/Java is still not sending the client cert to the server when requested.
I can make this work fine in a browser, the server asks for the client cert and the browser asks me which cert to send.
Posted: Mon Jun 05, 2006 11:24 am
by sorin_ristache
Hello,
Please send the certificate to support at oxygenxml dot com and specify the URL of the HTTPS server so that we can reproduce the error.
Regards,
Sorin