
Issue setting up SSL-MA

Question asked by Konfu on Nov 17, 2016

Hi,

We need to set up SSL Mutual Authentication for a DevTest SOAP and REST step calling the customer back-end. Our DevTest server's certificate was issued by the customer from the customer (we have a .crt, .csr and .key).

We used openssl to create our Java keystore (.jks) and have imported our public and private key into it.

We have also added the public certificate from our client (a .pem file) to our keystore.

We have adapted the local.properties file on our DevTest server:

ssl.client.cert.path=/appl/security/our_keystore.jks
ssl.client.cert.pass.encrypted=9839f65d0802b8cf48da5c1b095a0daa
ssl.client.key.pass.encrypted=9839f65d0802b8cf48da5c1b095a0daa

In the DevTest workstation we have created a test that calls the REST service, but we receive the following error:

[   1] [SSL Handshake Summary] SEND TLSv1 ALERT:  fatal, description = certificate_unknown
[   1] [SSL Handshake Summary] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Can anyone help on how I can set up the SSL-MA?

I've looked around a lot and see all kinds of different things. The more I read the more questions I have :-(

  • Is the process that I followed correct?
  • Do we need to convert these keys or certificates to another format?
  • What are the exact commands to use with Java keytool?
  • Do we need a keystore and a truststore?

I would like to document these steps afterwards, so it can be of help to anyone in the community.
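
How to read the handshake summary quoted above, as an added example (not part of the original post and not DevTest code): a certificate alert that the local JVM sends, or a PKIX path building failure, means the local side could not validate the server's chain (truststore side), while a certificate alert received from the server concerns the client certificate (keystore side). The `RECV` line format, the constructed sample and the function names are assumptions.

```python
import re

# Alert line format as it appears in the question; "RECV" is an assumed counterpart of "SEND".
ALERT_RE = re.compile(
    r"\[SSL Handshake Summary\]\s+(?P<dir>SEND|RECV)\s+(?P<proto>\S+)\s+ALERT:\s+"
    r"(?P<level>\w+),\s+description\s*=\s*(?P<desc>\w+)")
EXC_RE = re.compile(r"\[SSL Handshake Summary\]\s+(?P<chain>[\w.$]+Exception:.*)")

# TLS alert descriptions that concern the peer's certificate.
CERT_ALERTS = {"bad_certificate", "unsupported_certificate", "certificate_revoked",
               "certificate_expired", "certificate_unknown", "unknown_ca"}

def parse_summary(lines):
    """Collect TLS alerts and the nested exception causes from summary lines."""
    alerts, causes = [], []
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            alerts.append(m.groupdict())
            continue
        m = EXC_RE.search(line)
        if m:
            # JSSE prints nested causes as "ExceptionClass: ExceptionClass: message".
            causes = [part.strip() for part in m.group("chain").split(": ")]
    return alerts, causes

def diagnose(lines):
    """Return which store to inspect first: 'truststore', 'keystore' or 'unknown'."""
    alerts, causes = parse_summary(lines)
    # The local validator found no path from the server's certificate to a trust anchor.
    if any("PKIX path building failed" in c for c in causes):
        return "truststore"
    for alert in alerts:
        if alert["desc"] in CERT_ALERTS:
            # SEND: we rejected the server's chain. RECV: the server rejected ours.
            return "truststore" if alert["dir"] == "SEND" else "keystore"
    return "unknown"

# The two lines quoted in the question.
PAGE_LINES = [
    "[   1] [SSL Handshake Summary] SEND TLSv1 ALERT:  fatal, description = certificate_unknown",
    "[   1] [SSL Handshake Summary] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
]
# Constructed sample (not from the page): the server rejecting the client certificate.
CONSTRUCTED_RECV = ["[   1] [SSL Handshake Summary] RECV TLSv1 ALERT:  fatal, description = bad_certificate"]

if __name__ == "__main__":
    print(diagnose(PAGE_LINES), diagnose(CONSTRUCTED_RECV))
```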
