Hi Bernhard,
Thanks for your response.
We have already purchased the certificate. But we do not have the private key with us, because we have submitted the CSR request from the CA's website.
My client is not a browser. It is a Java application. Now, can I use this certificate with my Java clients without the private key? Will client authentication work without the private key?
-Babu

On 10/30/06, Bernhard Froehlich <[EMAIL PROTECTED]> wrote:
Eshwaramoorthy Babu wrote:
>
> Hi,
>
> We have a JAVA SSL client talking to HTTP Server.
>
> The server side SSL is working fine. Now we are planning to use client
> authentication (server authenticating client).
>
> I spoke to the certificate provider (comtrust) regarding this. He
> suggested me to purchase a user certificate.
> They also said for this user certificate private key is not required.
> I just need to submit online form from their website. No csr is required.
>
> Now I will not be having private key in client's certificate store
> instead I will only have the User certificate from comtrust.
> Will the above work??
>
> My understanding is the certificate store should also have the private
> key.
>
Of course client certificates are also issued for a public/private key
pair and (usually) need some kind of CSR. The only technical difference
between client and server certificates is which data is included in the
X509 certificate.
But if you are using standard browsers it is considerably simpler to
issue client certificates, since the process of generating a key pair
and the corresponding CSR can be automated in a web application. So the
user just goes to a web page, enters his/her data into a form and
presses a Button (and maybe answers some "Are you sure" dialogs) to
generate a key and CSR, which is then stored internally by the browser.
And after the certificate is generated it can be imported by pointing
the Browser to a specific URL.
Somehow it can be said that there is no CSR since the user never gets to
see one. ;)
One thing to remember when using such techniques is that the new
certificate can only be imported by "exactly" the same browser (usually the
same browser on the same computer and the same user account) where the
initial request has been made. And if you need the same certificate on
another computer you probably have to export the certificate on the one
computer and import it on the other one. Or use a server stored
certificate storage.
>
> Thanks,
> Babu
>
Hope it helps.
Ted
;)
--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
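
The following is an added example, not part of the original thread or written by either poster: a Java check that a client keystore holds a private-key entry (key plus certificate) rather than a certificate alone, before building the SSLContext used for client authentication. The class name ClientKeyCheck, the PKCS12 format, and the KS_PASS environment variable are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Usage: KS_PASS=... java ClientKeyCheck <keystore.p12>
// KS_PASS is a hypothetical variable name; it keeps the password out of the process arguments.
public class ClientKeyCheck {
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KS_PASS");
        if (args.length != 1 || pass == null) {
            System.err.println("usage: KS_PASS=<password> java ClientKeyCheck <keystore.p12>");
            System.exit(2);
        }
        char[] pw = pass.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumed store format
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }

        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (ks.isKeyEntry(alias) && cert instanceof X509Certificate) {
                // Key entry: the private key is stored together with its certificate chain.
                System.out.println(alias + ": private key + certificate for "
                        + ((X509Certificate) cert).getSubjectX500Principal());
                usable++;
            } else if (ks.isCertificateEntry(alias)) {
                // Trusted-certificate entry: public data only, nothing to sign the handshake with.
                System.out.println(alias + ": certificate only, not usable as a client identity");
            }
        }
        if (usable == 0) {
            System.err.println("No private-key entry found; client authentication cannot work.");
            System.exit(1);
        }

        // Assumes the key password equals the store password, as is usual for PKCS12.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and randomness
        System.out.println("SSLContext ready with " + usable + " client identity entry(ies).");
    }
}
```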