Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Archived » OHF » SSL with NIST Server
SSL with NIST Server [message #46784] Tue, 26 August 2008 10:33 Go to next message
Stefan S. is currently offline Stefan S.
Messages: 22
Registered: July 2009
Junior Member
Hi Everybody!

I am tying to write some code in order to "speak" or "interact" with the
NIST Public Registry as well as the NIST Public Repository (both available
under http://129.6.24.109:9080/ or in the secure case
https://129.6.24.109:9443/) in Secure Mode, using TLS (SSL).

For me, this rose some great problems! ;)

Basically here is what I did:

- Writing a simple Axis2 Client, that connects to the registry/repository.
- Calling https://129.6.24.109:9443/ from within Firefox, trusting the
certificate, exporting the certificate and importing it into my Java
truststore.

This works so far - but I get an exception like
"org.apache.axis2.AxisFault: Received fatal alert: bad_certificate".

My guess is that I receive this message from the server, because I have no
(client-) certificate to identify myself - the client - against the NIST
server.

I have the same problem when trying to connect to
https://129.6.24.109:9443/ with my Firefox. There I get the error message:
YOUR SSL-Certificate could not be verified (Error-Code:
ssl_error_bad_cert_alert).

So my basic question is:
Where and How can I obtain a client certificate to communicate with the
NIST server using SSL?

Hope someone can help me or provide some clever advices! ;)

Thanks in Advance for both your time and your knowledge!

Greetings
Stefan

P.S.: I am aware that this question is not really linked up to OHF, but
you guys are always so friendly that I thought about giving it a try! ;)
Re: SSL with NIST Server [message #46814 is a reply to message #46784] Tue, 26 August 2008 11:35 Go to previous message
Matthew Davis
Messages: 269
Registered: July 2009
Senior Member
Hi Stefan,

Based on the certificate that's loaded right now, I think Bill Majurski
(who runs the NIST server) is running a private certificate for NHIN
tests. Your assumption is correct in that you will need a client
certificate - signed by a private key - that is in his server's trust
authority to 'authenticate' and connect.

You can contact Bill to ask about getting a client keystore (for the
private cert) / truststore that you can use to connect to NHIN right
now. His answer may be that he's not supporting general public TLS
tests at this time. As IHE MESA testing begins in a couple months,
there's no doubt he'll be taking actions to support TLS tests then.

-Matt


Stefan S. wrote:
> Hi Everybody!
>
> I am tying to write some code in order to "speak" or "interact" with the
> NIST Public Registry as well as the NIST Public Repository (both
> available under http://129.6.24.109:9080/ or in the secure case
> https://129.6.24.109:9443/) in Secure Mode, using TLS (SSL).
>
> For me, this rose some great problems! ;)
>
> Basically here is what I did:
>
> - Writing a simple Axis2 Client, that connects to the registry/repository.
> - Calling https://129.6.24.109:9443/ from within Firefox, trusting the
> certificate, exporting the certificate and importing it into my Java
> truststore.
>
> This works so far - but I get an exception like
> "org.apache.axis2.AxisFault: Received fatal alert: bad_certificate".
>
> My guess is that I receive this message from the server, because I have
> no (client-) certificate to identify myself - the client - against the
> NIST server.
>
> I have the same problem when trying to connect to
> https://129.6.24.109:9443/ with my Firefox. There I get the error
> message: YOUR SSL-Certificate could not be verified (Error-Code:
> ssl_error_bad_cert_alert).
>
> So my basic question is:
> Where and How can I obtain a client certificate to communicate with the
> NIST server using SSL?
>
> Hope someone can help me or provide some clever advices! ;)
> Thanks in Advance for both your time and your knowledge!
>
> Greetings
> Stefan
>
> P.S.: I am aware that this question is not really linked up to OHF, but
> you guys are always so friendly that I thought about giving it a try! ;)
>
Re: SSL with NIST Server [message #587186 is a reply to message #46784] Tue, 26 August 2008 11:35 Go to previous message
Matthew Davis
Messages: 269
Registered: July 2009
Senior Member
Hi Stefan,

Based on the certificate that's loaded right now, I think Bill Majurski
(who runs the NIST server) is running a private certificate for NHIN
tests. Your assumption is correct in that you will need a client
certificate - signed by a private key - that is in his server's trust
authority to 'authenticate' and connect.

You can contact Bill to ask about getting a client keystore (for the
private cert) / truststore that you can use to connect to NHIN right
now. His answer may be that he's not supporting general public TLS
tests at this time. As IHE MESA testing begins in a couple months,
there's no doubt he'll be taking actions to support TLS tests then.

-Matt


Stefan S. wrote:
> Hi Everybody!
>
> I am tying to write some code in order to "speak" or "interact" with the
> NIST Public Registry as well as the NIST Public Repository (both
> available under http://129.6.24.109:9080/ or in the secure case
> https://129.6.24.109:9443/) in Secure Mode, using TLS (SSL).
>
> For me, this rose some great problems! ;)
>
> Basically here is what I did:
>
> - Writing a simple Axis2 Client, that connects to the registry/repository.
> - Calling https://129.6.24.109:9443/ from within Firefox, trusting the
> certificate, exporting the certificate and importing it into my Java
> truststore.
>
> This works so far - but I get an exception like
> "org.apache.axis2.AxisFault: Received fatal alert: bad_certificate".
>
> My guess is that I receive this message from the server, because I have
> no (client-) certificate to identify myself - the client - against the
> NIST server.
>
> I have the same problem when trying to connect to
> https://129.6.24.109:9443/ with my Firefox. There I get the error
> message: YOUR SSL-Certificate could not be verified (Error-Code:
> ssl_error_bad_cert_alert).
>
> So my basic question is:
> Where and How can I obtain a client certificate to communicate with the
> NIST server using SSL?
>
> Hope someone can help me or provide some clever advices! ;)
> Thanks in Advance for both your time and your knowledge!
>
> Greetings
> Stefan
>
> P.S.: I am aware that this question is not really linked up to OHF, but
> you guys are always so friendly that I thought about giving it a try! ;)
>
Previous Topic:SSL with NIST Server
Next Topic:Return of IBM Infrastructure
Goto Forum:
  


Current Time: Sat Apr 19 11:46:08 EDT 2014

Powered by FUDForum. Page generated in 0.05449 seconds