Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSL connection with PKCS11

Status
Not open for further replies.

cdfly

Programmer
Jun 16, 2010
68
US
Hello,
I have an applet that needs to make a SSL connection to an IIS server so that it can upload some files.
The connection needs to use the users smart card.
I'm able to read the card and get the certs but when I try to make the connection I get a "HTTP Error 403.7 - Forbidden: SSL client certificate is required. Internet Information Services (IIS)" error.
Here is a portion of the code.
Can anyone see a problems with it? Also since the user is already connected to the website using their smart card is there away to use the credentials from that connection?

Code:
      //I have already set the provider and properties to read 
         the smart card
      String aSmartCardPIN="password";
      char[] pin = aSmartCardPIN.toCharArray();
      KeyManagerFactory keyManagerFactory =  
         KeyManagerFactory.getInstance("SunX509");
      // Read the keystore form the smart card
      KeyStore keyStore = KeyStore.getInstance("PKCS11");
      keyStore.load(null, pin);
      //This works, I have verified that the certs from the smart
       card are in the keystore
      //Add to keystore to key manager
      keyManagerFactory.init(keyStore, pin);	
      //Create the context
      SSLContext context = SSLContext.getInstance("SSL");
      context.init(keyManagerFactory.getKeyManagers(), null, new  
        SecureRandom());
       //Create a socket factory
       SSLSocketFactory sf = context.getSocketFactory();
      //Create the socket
      Socket =ret=sf.createSocket(host, port);
      //From here I just make the connection
 
Thanks for the link Dian- What they are covering doesn't seem to work but I'll keep look at it.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top