Warning: no suitable certificate found - continuing without client authentication

Frontend · Unresolved · 4 · 1467
孤城傲影 2020-12-09 18:43

Team, I am facing the following issue when trying to complete a mutual handshake using HTTPS:

main, READ: TLSv1.2 Handshake, length = 30
*** CertificateRequest
Cert T

Related tags:
4 answers
  • 2020-12-09 19:07

    This is actually an area where the TLS 1.0 specification and TLS 1.1/1.2 differ.

    In particular, the following was added to Section 7.4.4 (Certificate Request) in TLS 1.1:

    If the certificate_authorities list is empty then the client MAY send any certificate of the appropriate ClientCertificateType, unless there is some external arrangement to the contrary.

    So empty Cert Authorities just means client is free to send any certificates to the server, which may or may not be accepted by server's internal rules.

  • 2020-12-09 19:08
    1. The client was unable to find a certificate in its keystore that was signed directly or indirectly by any of the signers mentioned in the CertificateRequest message.
    2. The reason for that was that the server didn't specify any trusted signers in that message.
    3. Which in turn means that the server's truststore is empty.
  • 2020-12-09 19:14

    I had a similar problem:

    ServerHelloDone
    Warning: no suitable certificate found - continuing without client authentication

    Certificate chain

    For me the problem was that I had incorrectly created the keystore:

    keytool -importcert -keystore keystore.jks -alias client-cert -file client-cert.pem -storepass password


    What helped me was:

    openssl pkcs12 -export -chain -in client-cert.pem -inkey client-key.pem -out keystore.p12 -name client-cert -CAfile ca-cert.pem
    keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -alias client-cert


    I found this solution here: https://blogs.oracle.com/jtc/installing-trusted-certificates-into-a-java-keystore

  • 2020-12-09 19:17

    In my case, the problem turned out to be that I was passing in null as the password when loading my key store:

    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    InputStream inputStream = new FileInputStream('/path/to/mykeystore.p12');

    try {
        // With a null password the PKCS12 key entries cannot be decrypted,
        // so no client key/certificate ends up in the KeyStore.
        keyStore.load(inputStream, null); // <-- PROBLEM HERE!
    }
    finally {
        inputStream.close();
    }


    This didn't produce any error messages, but it silently failed to load the client key & certificate.

    The solution was to pass in the password:

    keyStore.load(inputStream as InputStream, 'mypassword'.toCharArray());

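The three causes named in the answers above (a server sending an empty certificate_authorities list, a keystore holding only trustedCertEntry entries instead of a private key, and a PKCS12 loaded with a null password) all surface as the same "no suitable certificate found" warning. The following diagnostic is an added example, not code from the thread or from the JDK: it loads a keystore the way the last answer recommends (with a password) and then applies the same selection rule JSSE's X509KeyManager uses for a CertificateRequest, so you can see before the handshake which aliases could be presented. The keystore path, password and issuer DN are assumptions passed on the command line; the key-type (RSA/EC) filter that JSSE also applies is left out for brevity.

```java
// Added example (not from the original thread): emulate the client-certificate
// selection JSSE performs when it answers a CertificateRequest.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import javax.security.auth.x500.X500Principal;

public class ClientKeyStoreCheck {

    /**
     * Returns the aliases JSSE could present as a client certificate: entries that
     * hold a private key AND whose chain contains a certificate issued by one of the
     * acceptable issuers. An empty issuer list models the empty certificate_authorities
     * list from TLS 1.1+ discussed in the first answer: any private-key entry qualifies.
     */
    static List<String> usableClientAliases(KeyStore ks, List<X500Principal> acceptableIssuers)
            throws Exception {
        List<String> usable = new ArrayList<>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!ks.isKeyEntry(alias)) {
                // A trustedCertEntry (what "keytool -importcert" creates) has no private
                // key, so the client cannot prove possession of it in the handshake.
                System.out.println(alias + ": trustedCertEntry only, not usable for client auth");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": key entry without a certificate chain");
                continue;
            }
            if (acceptableIssuers.isEmpty() || chainMatchesIssuer(chain, acceptableIssuers)) {
                usable.add(alias);
            } else {
                System.out.println(alias + ": no certificate in the chain is issued by an acceptable CA");
            }
        }
        return usable;
    }

    /** True if any certificate in the chain was issued by one of the acceptable issuers. */
    static boolean chainMatchesIssuer(Certificate[] chain, List<X500Principal> acceptableIssuers) {
        for (Certificate c : chain) {
            if (c instanceof X509Certificate) {
                X500Principal issuer = ((X509Certificate) c).getIssuerX500Principal();
                if (acceptableIssuers.contains(issuer)) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: keystore path, keystore password, optional issuer DN
        // as sent by the server in CertificateRequest. Defaults are placeholders.
        String path = args.length > 0 ? args[0] : "keystore.p12";
        char[] password = (args.length > 1 ? args[1] : "password").toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            // Pass the real password: a null password (see the last answer) loads
            // none of the encrypted private-key entries and fails silently.
            ks.load(in, password);
        }

        List<X500Principal> issuers = args.length > 2
                ? Collections.singletonList(new X500Principal(args[2]))
                : Collections.<X500Principal>emptyList();

        List<String> usable = usableClientAliases(ks, issuers);
        System.out.println(usable.isEmpty()
                ? "No usable client certificate: JSSE will continue without client authentication"
                : "Usable client aliases: " + usable);
    }
}
```

Run it as `java ClientKeyStoreCheck keystore.p12 password "CN=My CA,O=Example"`: a keystore built with `keytool -importcert` alone reports every alias as trustedCertEntry and no usable alias, while one built from the `openssl pkcs12 -export` / `keytool -importkeystore` steps lists the client alias, provided the chain includes a certificate issued by the DN the server asked for.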