|
| Re: SSL with NIST Server [message #46814 is a reply to message #46784] |
Tue, 26 August 2008 15:35  |
Matthew Davis
Messages: 269
Registered: July 2009 |
Senior Member |
|
|
Hi Stefan,
Based on the certificate that's loaded right now, I think Bill Majurski
(who runs the NIST server) is running a private certificate for NHIN
tests. Your assumption is correct in that you will need a client
certificate - signed by a private key - that is in his server's trust
authority to 'authenticate' and connect.
You can contact Bill to ask about getting a client keystore (for the
private cert) / truststore that you can use to connect to NHIN right
now. His answer may be that he's not supporting general public TLS
tests at this time. As IHE MESA testing begins in a couple months,
there's no doubt he'll be taking actions to support TLS tests then.
-Matt
Stefan S. wrote:
> Hi Everybody!
>
> I am tying to write some code in order to "speak" or "interact" with the
> NIST Public Registry as well as the NIST Public Repository (both
> available under http://129.6.24.109:9080/ or in the secure case
> https://129.6.24.109:9443/) in Secure Mode, using TLS (SSL).
>
> For me, this rose some great problems! ;)
>
> Basically here is what I did:
>
> - Writing a simple Axis2 Client, that connects to the registry/repository.
> - Calling https://129.6.24.109:9443/ from within Firefox, trusting the
> certificate, exporting the certificate and importing it into my Java
> truststore.
>
> This works so far - but I get an exception like
> "org.apache.axis2.AxisFault: Received fatal alert: bad_certificate".
>
> My guess is that I receive this message from the server, because I have
> no (client-) certificate to identify myself - the client - against the
> NIST server.
>
> I have the same problem when trying to connect to
> https://129.6.24.109:9443/ with my Firefox. There I get the error
> message: YOUR SSL-Certificate could not be verified (Error-Code:
> ssl_error_bad_cert_alert).
>
> So my basic question is:
> Where and How can I obtain a client certificate to communicate with the
> NIST server using SSL?
>
> Hope someone can help me or provide some clever advices! ;)
> Thanks in Advance for both your time and your knowledge!
>
> Greetings
> Stefan
>
> P.S.: I am aware that this question is not really linked up to OHF, but
> you guys are always so friendly that I thought about giving it a try! ;)
>
|
|
|
| Re: SSL with NIST Server [message #587186 is a reply to message #46784] |
Tue, 26 August 2008 15:35 |
Matthew Davis
Messages: 269
Registered: July 2009 |
Senior Member |
|
|
Hi Stefan,
Based on the certificate that's loaded right now, I think Bill Majurski
(who runs the NIST server) is running a private certificate for NHIN
tests. Your assumption is correct in that you will need a client
certificate - signed by a private key - that is in his server's trust
authority to 'authenticate' and connect.
You can contact Bill to ask about getting a client keystore (for the
private cert) / truststore that you can use to connect to NHIN right
now. His answer may be that he's not supporting general public TLS
tests at this time. As IHE MESA testing begins in a couple months,
there's no doubt he'll be taking actions to support TLS tests then.
-Matt
Stefan S. wrote:
> Hi Everybody!
>
> I am tying to write some code in order to "speak" or "interact" with the
> NIST Public Registry as well as the NIST Public Repository (both
> available under http://129.6.24.109:9080/ or in the secure case
> https://129.6.24.109:9443/) in Secure Mode, using TLS (SSL).
>
> For me, this rose some great problems! ;)
>
> Basically here is what I did:
>
> - Writing a simple Axis2 Client, that connects to the registry/repository.
> - Calling https://129.6.24.109:9443/ from within Firefox, trusting the
> certificate, exporting the certificate and importing it into my Java
> truststore.
>
> This works so far - but I get an exception like
> "org.apache.axis2.AxisFault: Received fatal alert: bad_certificate".
>
> My guess is that I receive this message from the server, because I have
> no (client-) certificate to identify myself - the client - against the
> NIST server.
>
> I have the same problem when trying to connect to
> https://129.6.24.109:9443/ with my Firefox. There I get the error
> message: YOUR SSL-Certificate could not be verified (Error-Code:
> ssl_error_bad_cert_alert).
>
> So my basic question is:
> Where and How can I obtain a client certificate to communicate with the
> NIST server using SSL?
>
> Hope someone can help me or provide some clever advices! ;)
> Thanks in Advance for both your time and your knowledge!
>
> Greetings
> Stefan
>
> P.S.: I am aware that this question is not really linked up to OHF, but
> you guys are always so friendly that I thought about giving it a try! ;)
>
|
|
|
Powered by
FUDForum. Page generated in 0.03258 seconds
] 
Search
Help
Register
Login
Home
