Re: [Simpleweb-Support] SSL client certificate request: Safari 5 problem?
From: Bruno H. <Bru...@ma...> - 2010-07-08 22:58:00
Hi,

SimpleWeb always requests (but doesn't require) a client certificate during the SSL handshake. Safari's client-certificate mechanism was broken (it wouldn't prompt when it should have) so that's probably why the message didn't appear in version 4. I guess this has been fixed in Safari 5 (but I haven't tried).

For the certificate to be accepted, it would need to be verifiable by the server, so its emitter (or something higher up in the chain) should be in the server's trust store.

If you're not really using client-certificate authentication and seeing this only as a side-effect of SimpleWeb requesting a client certificate by default (I think it's hard-coded in fact), I'd suggest clicking on Cancel rather than choosing a certificate. This shouldn't send a client-cert and thus the server wouldn't have to verify it.

Best wishes,

Bruno.

On 08/07/2010 10:14, Andrew Barlow wrote:
> Niall and Fabio kindly sent me links to example code for delivering web
> content over SSL, see
> http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTilp2LqrCGMJ5Io6hxFOJMLZqIYGNutDmYslm-gP%40mail.gmail.com&forum_name=simpleweb-support
>
> As I need to use an existing signed certificate inside a Java keystore
> I've adopted/adapted Fabio's example which reads from the keystore file.
>
> I have set the SSLContext to "TLS".
>
> I've tested against a keystore containing a bona-fide signed certificate
> issued by Thawte and all is well across a range of browsers: Internet
> Explorer on Windows and Firefox, Opera, Chrome on Windows and Mac.
>
> However on Safari 5 (but NOT 4) on the Mac I encounter a message asking
> for a client certificate, see screenshot:
>
> Upon selecting a certificate (doesn't matter which), Safari then gives a
> message:
>
> "Safari can’t open the page “xxxx” because Safari can’t establish a
> secure connection to the server “xxxx”."
>
> On Windows behaviour is slightly different, Safari 5 simply displays the
> message without prompting for client certificate.
>
> As this works fine with other browsers, including earlier versions of
> Safari, could this be a Safari 5 issue that needs to be addressed by Apple?
>
> Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP
>
> e: and...@sd...
> t: +44 (0)7830 302 268
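The request-versus-require distinction described in the reply above, shown with the standard JSSE `SSLEngine` API as an added example; it is not SimpleWeb's code or code from either poster. The class name `ClientAuthModes`, the `Mode` enum and both helper methods are hypothetical names chosen for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import java.security.cert.Certificate;

public class ClientAuthModes {
    enum Mode { NONE, WANT, NEED }

    // Configure a server-side engine. setWantClientAuth and setNeedClientAuth
    // override each other, so exactly one call decides the final mode.
    static SSLEngine serverEngine(SSLContext ctx, Mode mode) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        switch (mode) {
            case WANT: engine.setWantClientAuth(true); break; // certificate requested, but optional
            case NEED: engine.setNeedClientAuth(true); break; // handshake fails without a valid certificate
            default:   engine.setWantClientAuth(false);       // no certificate request, so no browser prompt
        }
        return engine;
    }

    // In WANT mode the handshake also completes when the user cancels the prompt,
    // so the application must check whether a certificate chain was actually presented.
    static boolean clientAuthenticated(SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            return chain.length > 0;
        } catch (SSLPeerUnverifiedException e) {
            return false; // peer sent no certificate (or no handshake has happened yet)
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key/trust managers; enough to inspect engine settings
        for (Mode m : Mode.values()) {
            SSLEngine e = serverEngine(ctx, m);
            System.out.printf("%-4s want=%b need=%b%n", m, e.getWantClientAuth(), e.getNeedClientAuth());
        }
        // No handshake has run on this fresh engine, so its session has no verified peer.
        SSLSession fresh = serverEngine(ctx, Mode.WANT).getSession();
        System.out.println("authenticated=" + clientAuthenticated(fresh));
    }
}
```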