Client-Server credential mismatch

These are old archives. They are kept for historic purposes only.
ronrudman
Posts: 14
Joined: Fri Apr 09, 2004 2:49 am


Post by ronrudman »

I have unreal running with SSL support, using the pem files generated via openssl from Config. I need to use a java chat client that is signed using a key/cert generated by Sun's "keytool".

Can the client and server parts of this equation indeed be independent like this or does one component need to use the credentials of the other? As it stands, the client says it can't find a trusted cert, even though I've imported both the client cert and the unreal cert into java's security/cacerts file.
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States

Post by codemastr »

Umm, a signed Java applet has nothing to do with SSL. So I'm not really sure how to answer this.
-- codemastr
AngryWolf
Posts: 554
Joined: Sat Mar 06, 2004 10:53 am
Location: Hungary

Post by AngryWolf »

Well, if you are saying the Java client software supports SSL, then usually you only have to do one thing: configure the client to trust the server's certificate. (The client cert can be whatever you want, as long as UnrealIRCd doesn't want to verify it.)
ronrudman
Posts: 14
Joined: Fri Apr 09, 2004 2:49 am

Post by ronrudman »

Ah, OK, I'll try that. In the other direction, if I wanted unreal to validate the client's cert, is that where the set parameter "trusted-ca-file" is used? What should that file look like? Is it the cat of the printable version of all necessary certs?
Ron2K

Post by Ron2K »

ronrudman wrote: In the other direction, if I wanted unreal to validate the client's cert, is that where the set parameter "trusted-ca-file" is used?
Quoting directly from the manual:
set::ssl::options::fail-if-no-clientcert;
Forces clients that do not have a certificate to be denied.

set::ssl::options::no-self-signed;
Disallows connections from people with self-signed certificates.

set::ssl::options::verify-certificate;
Makes Unreal determine if the SSL certificate is valid before allowing connection.
Unfortunately I can't answer the rest of your question.
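
Added example, not part of the original thread or the UnrealIRCd manual: the three options quoted above written out in block form alongside the "trusted-ca-file" setting asked about earlier, as they would sit in an UnrealIRCd 3.2-style unrealircd.conf. The file names are hypothetical, and the assumption is that the trusted CA file holds the PEM ("printable") CA certificates concatenated one after another, as OpenSSL CA files conventionally do.

```conf
/* Sketch of a set::ssl block that makes the server validate client certificates.
 * File names below are placeholders chosen for this example. */
set {
	ssl {
		/* The server's own credentials (what the Java client must trust). */
		certificate "server.cert.pem";
		key "server.key.pem";

		/* CA certificates used when checking client certificates.
		 * Assumed format: PEM certificates concatenated in one file. */
		trusted-ca-file "trusted-cas.pem";

		options {
			/* Deny clients that present no certificate at all. */
			fail-if-no-clientcert;

			/* Disallow connections from clients with self-signed certificates. */
			no-self-signed;

			/* Check that the client certificate is valid before allowing the connection. */
			verify-certificate;
		};
	};
};
```

None of this affects the client-side error from the first post: the Java client still has to be configured to trust the server's certificate separately.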