Client-Server credential mismatch
Posted: Sat Apr 17, 2004 2:59 pm
by ronrudman
I have unreal running with SSL support, using the pem files generated via openssl from Config. I need to use a java chat client that is signed using a key/cert generated by Sun's "keytool".
Can the client and server parts of this equation indeed be independent like this or does one component need to use the credentials of the other? As it stands, the client says it can't find a trusted cert, even though I've imported both the client cert and the unreal cert into java's security/cacerts file.
Posted: Sat Apr 17, 2004 3:43 pm
by codemastr
Umm, a signed Java applet has nothing to do with SSL. So I'm not really sure how to answer this.
Posted: Sat Apr 17, 2004 8:47 pm
by AngryWolf
Well, if you are saying the Java client software supports SSL, then usually you only have to do one thing: configure the client to trust the server's certificate. (The client cert can be whatever you want, as long as UnrealIRCd doesn't want to verify it.)
Posted: Sat Apr 17, 2004 8:53 pm
by ronrudman
Ah, OK, I'll try that. In the other direction, if I wanted unreal to validate the client's cert, is that where the set parameter "trusted-ca-file" is used? What should that file look like? Is it the cat of the printable version of all necessary certs?
Posted: Mon Apr 19, 2004 6:51 am
by Ron2K
ronrudman wrote: In the other direction, if I wanted unreal to validate the client's cert, is that where the set parameter "trusted-ca-file" is used?
Quoting directly from the manual:
set::ssl::options::fail-if-no-clientcert;
Forces clients that do not have a certificate to be denied.
set::ssl::options::no-self-signed;
Disallows connections from people with self-signed certificates.
set::ssl::options::verify-certificate;
Makes Unreal determine if the SSL certificate is valid before allowing connection.
Unfortunately I can't answer the rest of your question.