Unable To Use Certificates From the Browser For Client Authentication.
Symptoms
When running an applet in a browser using the Sun Java™ Runtime Environment (JRE™) implementation, the applet is unable to use certificates from the browser for HTTPS client authentication.
Cause
The Java plug-in uses certificates for client authentication from a certificate store specific to the Sun Java™ Runtime Environment (JRE™). The plug-in does not use the certificates from the browser certificate store.
Resolution
Client authentication in the Java plug-in requires the location of the client certificate store (keystore) on the user's disk, the keystore type, and the password to access the client keystore. Provide these three parameters as system properties:
-Djavax.net.ssl.keyStore=<client_keystore_file_path>
-Djavax.net.ssl.keyStorePassword=<password to access the client keystore file>
-Djavax.net.ssl.keyStoreType=<keystore_type>
These properties should be specified in the Advanced tab of the Java Control Panel.
To export a digital certificate from the browser certificate store into a file, perform the following steps:
- Open a browser window and click on Tools. Click the Internet Options submenu item.
- Click the Content tab.
- In the certificates section in the middle, click the Certificates button. The available certificates are shown in the dialog box.
- Select Client Authentication in the Intended Purpose drop down menu.
- Select the certificate you want to export.
- Click the Export button. The Certificate Manager Export Wizard starts.
- On the Welcome window, click Next.
- Keep the default, "Yes, export the private key", and click Next.
- Keep the default, "Personal Information Exchange - PKCS #12 (.PFX)", and click Next.
- Type the required information in the Password window.
- Type the path and filename of the file to export. The system automatically gives the file a .pfx extension. Click Next.
- Review the information that you provided in the above steps and click Finish.
Example:
If the user exports the certificate to a file called c:\certs\client.pfx and uses the password test to protect the .pfx file, the required system properties will take the following values:
-Djavax.net.ssl.keyStore=c:\certs\client.pfx
-Djavax.net.ssl.keyStorePassword=test
-Djavax.net.ssl.keyStoreType=pkcs12
Related Information
None.