Java Tls No Suitable Certificate Found Continuing Without Client Authentication
Unable to create ws client
2020-11-26
2020-12-01
-
Your issue is noted in the log above:
"Warning: no suitable certificate found - continuing without client authentication"
The recommended way is to use clientToolBox to test first so that you know everything is working as it should, then you can start with your own code.
Are you using superadmin certificate for the Java code as well? Then it's a matter of your java code not doing client certificate authentication.
If you are using a certificate issued by another CA than superadmin you need to add this CA to the truststore.jks in JBoss/WildFly (there is a helper command for this 'ant javatruststore').
Cheers,
Tomas
Save time and money with an Enterprise support subscription. Please see www.primekey.com for more information.
https://www.primekey.com/products/software/
-
Hi Tomas,
I moved to docker ejbca (https://hub.docker.com/r/primekey/ejbca-ce) due to a poorly configured server.
New wsdl is deployed to location https://xxx:18443/ejbca/ejbcaws/ejbcaws?wsdl and everything is working fine (tested using SoapUI - auth with p12).
Unfortunately I still can't successfully invoke service methods. When I create a client and call the getTemplates method, I get an error:
org.ejbca.core.protocol.ws.client.gen.AuthorizationDeniedException_Exception: Error no client certificate received used for authentication.
Below is the code snippet:
```java
System.setProperty("javax.net.ssl.trustStore", CAProxyProperties.getInstance().getEjbcaWSTrustStore());
System.setProperty("javax.net.ssl.trustStorePassword", CAProxyProperties.getInstance().getEjbcaWSTrustStorePassword());
System.setProperty("javax.net.ssl.keyStore", CAProxyProperties.getInstance().getEjbcaWSKeyStore());
System.setProperty("javax.net.ssl.keyStorePassword", CAProxyProperties.getInstance().getEjbcaWSKeyStorePassword());

QName qname = new QName(EJBCAWS_NAMESPACE_URI, EJBCAWS_SERVICE_NAME);
client = new EjbcaWSService(new URL(CAProxyProperties.getInstance().getEjbcaWSUrl()), qname);
port = client.getEjbcaWSPort();
```
truststore & keystore = superadmin.p12
Thanks,
Paskal
-
I hope your CAProxyProperties.getInstance().getEjbcaWSUrl() is port 8443?
I assume here that it works with clientToolBox as well using the same certificate?
You will have to enable (TLS) debugging of your client.
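One way to act on the advice above, as an added example (not code from this thread or from EJBCA): load the client key store and the trust store explicitly, confirm that the first holds a private key and the second a CA certificate, and turn on the JSSE handshake trace. The class name and the four command-line arguments are assumptions; the store types follow the file extensions mentioned in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientAuthPreflight {
    static KeyStore load(String type, String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    // Args (placeholders): <client.p12> <p12 password> <ca-chain.jks> <jks password>
    public static void main(String[] args) throws Exception {
        // Read once when JSSE initialises, so set it before anything else.
        System.setProperty("javax.net.debug", "ssl,handshake");
        KeyStore keys = load("PKCS12", args[0], args[1].toCharArray());
        KeyStore trust = load("JKS", args[2], args[3].toCharArray());
        int keyEntries = 0, caEntries = 0;
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) continue;
            keyEntries++;
            X509Certificate c = (X509Certificate) keys.getCertificate(alias);
            // Compare this issuer with the CA names in the server's CertificateRequest.
            System.out.println("client key " + alias + " issued by " + c.getIssuerX500Principal());
        }
        for (String alias : Collections.list(trust.aliases())) {
            if (!trust.isCertificateEntry(alias)) continue;
            caEntries++;
            X509Certificate c = (X509Certificate) trust.getCertificate(alias);
            System.out.println("trusted CA " + alias + ": " + c.getSubjectX500Principal());
        }
        if (keyEntries == 0) throw new IllegalStateException("no private key entry in key store");
        if (caEntries == 0) throw new IllegalStateException("no CA certificate entry in trust store");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, args[1].toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx); // clients using the default context now present the client key
    }
}
```

Whether a particular web service client stack picks up the default `SSLContext` depends on that stack, so the last line is an assumption to verify against the handshake trace.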
-
After changing the javax.net.ssl.trustStore to ManagementCA-chain.jks everything worked!
Can you give me advice on how to configure CA to support DNAME with two SERIALNUMBERs like:
SERIALNUMBER=12312313, CN=Mislav Komic, STREET=TEST, L=TEST, SERIALNUMBER=12332123123, O=TEST, STREET=Ilica 28, L=Zagreb
Thanks,
Paskal
-
Add multiple serialNumber fields in the end entity profile to allow it (that's your local policy enforcement).
Source: https://sourceforge.net/p/ejbca/discussion/123122/thread/8eea1ac603/
Hi,
I'm trying to make a webservice call from my Java application to EJBCA but I'm constantly getting a bad_certificate exception. EJBCA is configured fine and the Java code is based on the documentation.
I'm able to connect to the web admin console through a browser with my superadmin certificate, as well as make a command call through ejbcawsracli.
The s_client command is working fine:
openssl s_client -connect 10.135.11.39:8443 -cert superadmin.cer -key superadmin.pem
Below is the SSL debug log from my Java application:
Could you, please, provide some help?