Two way authorization with PFX file

夕颜 2021-01-15 02:44

I have a problem with two-way authentication. I use Tomcat 6 as a server, and as a client I try IE, Firefox and my own Java application.

The problem occurs using PFX c

2 answers
  •  伪装坚强ぢ
    2021-01-15 03:12

    Take a closer look at your client certificates, in particular the X509v3 extensions "Key Usage" and "Extended Key Usage". They may be marked as not trusted for client authentication.

    Using the openssl command-line tool:

    $ openssl pkcs12 -in server-only.pfx -nokeys | openssl x509 -noout -purpose
    Enter Import Password:
    MAC verified OK
    Certificate purposes:
    SSL client : No
    SSL client CA : No
    SSL server : Yes
    SSL server CA : No
    

    This certificate is only signed for server authentication (normal HTTPS). For full details, use the -text option in openssl x509:

    $ openssl pkcs12 -in server-only.pfx -nokeys | openssl x509 -noout -text
      [..snip..]
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
      [..snip..]
    

    If this is the case, you're going to have to ask to get a new signed certificate that is marked for client authentication use.
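
Added example, not part of the answer above: a small shell check that turns the `openssl x509 -purpose` output into an exit status, so client certificates can be screened before they are deployed for two-way TLS. The function names, the `PFX_PASS` environment variable and the second sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Reads `openssl x509 -noout -purpose` output on stdin.
# Exit status: 0 = "SSL client : Yes", 1 = "SSL client : No",
#              2 = no "SSL client" line found (openssl failed or bad input).
purpose_allows_client() {
    awk -F' : ' '
        # Match only the "SSL client" line, not "SSL client CA".
        $1 ~ /^[[:space:]]*SSL client$/ { found = 1; ok = ($2 ~ /^Yes/) }
        END { if (!found) exit 2; exit(ok ? 0 : 1) }
    '
}

# Hypothetical wrapper: $1 is the PFX path; the import password is taken
# from the PFX_PASS environment variable so it never appears in argv.
pfx_allows_client() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -noout -purpose 2>/dev/null | purpose_allows_client
}

# Constructed sample: the -purpose output quoted in the answer above.
sample_server_only() {
    cat <<'EOF'
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
EOF
}

# Constructed sample: what a certificate marked for client authentication reports.
sample_client_ok() {
    cat <<'EOF'
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : No
SSL server CA : No
EOF
}

# Demonstration on the embedded samples (runs without openssl installed).
for s in sample_server_only sample_client_ok; do
    if "$s" | purpose_allows_client; then
        echo "$s: usable for client authentication"
    else
        echo "$s: NOT usable for client authentication"
    fi
done
```

With a real file, `PFX_PASS=... pfx_allows_client server-only.pfx` returns 1 for the certificate shown in the answer, and 2 if the PFX cannot be read.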
