Documentation Contents

Unable To Use Certificates From the Browser For Client Authentication.


Symptoms

When running an applet in a browser using the Sun Java Runtime Environment (JRE) implementation, the applet is unable to use certificates from the browser for https client authentication.

Cause

The Java plug-in uses certificates for client authentication from a certificate store specific to the Sun Java Runtime Environment (JRE). The plug-in does not use the certificates from the browser certificate store.

Resolution

Client authentication in Java plug-in requires the client certificate store on the user disk, keystore type, and the password to access the client. The following three parameters should be provided with system properties:

-Djavax.net.ssl.keyStore=<client_keystore_file_path>
-Djavax.net.ssl.keyStorePassword=<password to access the client keystore file>
-Djavax.net.ssl.keyStoreType=<keystore_type>

These properties should be specified in the Advanced tab of the Java Control Panel.

To export a digital certificate from the browser certificate store into a file, perform the following steps:

  1. Open a browser window and click on Tools. Click the Internet Options submenu item.
  2. Click the Content tab.
  3. In the certificates section in the middle, click the Certificates button. The available certificates are shown in the dialog box.
  4. Select Client Authentication in the Intended Purpose drop down menu.
  5. Select the certificate you want to export.
  6. Click the Export button. The Certificate Manager Export Wizard starts.
  7. On the Welcome window, click Next.
  8. Keep the default to "Yes, export the private key" and click Next.
  9. Keep the default to "Personal Information Exchange - PKCS #12(.PFX)" and click Next.
  10. Type the required information in the Password window.
  11. Type the path and filename of the file to export. The system automatically gives the file a .pfx extension. Click Next.
  12. Review the information that you provided in above steps and click Finish.

Example:

If the user exports the certificate to a file called c:\certs\client.pfx, the required system properties will take the following values:

-Djavax.net.ssl.keyStore=c:\certs\client.pfx
-Djavax.net.ssl.keyStorePassword=<password to access the client keystore file c:\certs\client.pfx>
-Djavax.net.ssl.keyStoreType=pkcs12

Related Information

None.


Oracle and/or its affiliates Copyright © 1993, 2011, Oracle and/or its affiliates. All rights reserved.
Contact Us