SSL HandShakeException: No_Certificate. Using IBM's J9 JVM and Apache Tomcat

Posted by DaveJohnston on Stack Overflow See other posts from Stack Overflow or by DaveJohnston
Published on 2010-02-08T12:33:29Z Indexed on 2010/04/08 9:33 UTC
Read the original article Hit count: 445

Filed under:
|
|
|
|

I am developing a mobile application that is to run on a Windows Mobile PDA. The application is written in Java and to run it we are using the J9 JVM from IBM. The application communicates with an Apache Tomcat server over HTTP and we are trying to set it up now to use SSL.

I have generated public/private keys for both the client and the server, exported their self signed certificates and imported them into the respective keystores. Initially I tried to just get it working using only server side authentication and that was successful. But I am now trying to get mutual authentication by setting clientAuth="true" in the server.xml file in the apache conf directory.

I have enabled the SSL logging on the server and when the client connects the server reports an SSLProtocolException: handshake alert: no_certificate. The client logs also show an exception:

javax.net.ssl.SSLHandshakeException: unexpected_message
    at com.ibm.j9.jsse.SSLSocketImpl.completeHandshake(Unknown Source)
    at com.ibm.j9.jsse.SSLSocketImpl.startHandshake(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.openSocket(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.connect(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.sendRequest(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.doRequest(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.getInputStream(Unknown Source)

The client keystore and truststore is configured by setting the following System Properties:

javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword

Does anyone have any ideas how I can set up client authentication on the J9 JVM?

© Stack Overflow or respective owner

Related posts about security

Related posts about ssl