Java HTTPS client certificate authentication

情深已故 2020-11-22 07:42

I'm fairly new to HTTPS/SSL/TLS and I'm a bit confused over what exactly the clients are supposed to present when authenticating with certificates.

I\

9 answers
  •  北恋 (original poster)
    2020-11-22 07:51

    For those of you who simply want to set up two-way authentication (server and client certificates), a combination of these two links will get you there:

    Two-way auth setup:

    https://linuxconfig.org/apache-web-server-ssl-authentication

    You don't need to use the openssl config file that they mention; just use

    • $ openssl genrsa -des3 -out ca.key 4096

    • $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

    to generate your own CA certificate, and then generate and sign the server and client keys via:

    • $ openssl genrsa -des3 -out server.key 4096

    • $ openssl req -new -key server.key -out server.csr

    • $ openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 100 -out server.crt

    and

    • $ openssl genrsa -des3 -out client.key 4096

    • $ openssl req -new -key client.key -out client.csr

    • $ openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 101 -out client.crt

    For the rest, follow the steps in the link. Managing the certificates for Chrome works the same as in the example for Firefox that is mentioned.

    Next, set up the server via:

    https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

    Note that you have already created the server .crt and .key so you don't have to do that step anymore.
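
To connect the setup above back to the Java question, here is an added example (not part of the original answer) of a Java client that presents `client.crt` and its key and trusts only `ca.crt`. It assumes the key and certificate were bundled into a hypothetical `client.p12`, that the bundle password is in a hypothetical `CLIENT_P12_PASSWORD` environment variable, and that the URL is a placeholder for your server.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
    // Assumed inputs (not from the page): client.p12 created from the answer's files with
    //   openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
    // and ca.crt in the working directory.
    public static void main(String[] args) throws Exception {
        String url = args.length > 0 ? args[0] : "https://localhost/"; // placeholder URL
        String pw = System.getenv("CLIENT_P12_PASSWORD");              // hypothetical variable name
        if (pw == null) throw new IllegalStateException("set CLIENT_P12_PASSWORD");

        // What the client PRESENTS: its certificate, backed by its private key.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream("client.p12")) {
            identity.load(in, pw.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pw.toCharArray());

        // What the client TRUSTS: only the private CA that signed server.crt.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start from an empty in-memory store
        try (InputStream in = new FileInputStream("ca.crt")) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            trust.setCertificateEntry("private-ca", ca);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) URI.create(url).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verification is left at its default, so server.crt must match the host in the URL.
        System.out.println("HTTP " + conn.getResponseCode() + " via " + conn.getCipherSuite());
    }
}
```

The handshake fails if the server's certificate does not chain to `ca.crt`, or if the server rejects the client certificate, which makes this a quick check that both directions of the setup work.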
