I sent the email below yesterday, but I sent it before I completed the subscription process for the openssl-users list. So, my guess is that it wasn't sent. If you're seeing it again, my apologies.

Thanks!

Michael Bencoe
Organization 9512
Sandia National Laboratories
Phone: 505-844-6758
Fax: 505-844-2018
Email: [hidden email]

-----Original Message-----
From: Bencoe, Michael K
Sent: Sunday, June 05, 2005 7:34 PM
To: [hidden email]
Subject: CA certificate authentication and more

Our development team just completed a successful experiment using SSL and mutual certificate authentication between a Java socket server and a C++ socket client. The C++ client used OpenSSL, while the Java server used the SSL services provided with the 1.4 SDK. For the experiment, we created the certificate files/stores and key files/stores with OpenSSL and Java utilities.

Our Java server is a servlet that will run under Weblogic. We recently learned that a CA-signed certificate signed by a major commercial CA (VeriSign, Entrust, etc.) will be used for the Weblogic servlet. Since our team is relatively new to SSL in general, and OpenSSL in particular, we had the following questions/requests:

1. Can anyone provide me a C or C++ code snippet for OpenSSL client authentication of a CA-signed server certificate?

2. We thought it would be a good idea to use the Java cacerts store to authenticate the server certificate, since it is supposed to be able to authenticate all of the major CAs. We expect to have to convert cacerts to a format that OpenSSL prefers. So:

   a. Is this a good idea? If not, what is a better approach?

   b. Does the cacerts file need to be converted to a format OpenSSL prefers (e.g., PEM)? If so, could someone send me the syntax for the OpenSSL or Java (keytool) command that would be used to transform it?

Thanks in advance for any help and guidance you can provide.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [hidden email]
Automated List Manager                          [hidden email]
Bencoe, Michael K wrote:
> Our development team just completed a successful experiment using SSL
> and mutual certificate authentication between a Java socket server and a
> C++ socket client. The C++ client used OpenSSL, while the Java server
> used the SSL services provided with the 1.4 SDK. For the experiment, we
> created the certificate files/stores and key files/stores with OpenSSL
> and Java utilities.
>

I'm not a Java guy but be aware that the 1.4 JDK only supports keys up to 1024 bits. If you need bigger key lengths (e.g., 2048, 4096) you'll need to go to 1.5+

--
Cheers!
J. Wren Hunt
Cambridge, MA. USA
------------
"I have never killed anyone, but I have read some obituaries with some satisfaction." - Clarence Darrow.

+------------------------------------------------------------------+
| v-card   http://wrenhunt.homelinux.org/data/wren.vcf             |
| x.509    http://wrenhunt.homelinux.org/data/thawte_wren_hunt.cer |
| OpenPGP  ADF5 1432 A59E 8F4D 4AE7 4DFE 03FA 91E1 4A24 D6F4       |
+------------------------------------------------------------------+