2

I setup 2way ssl with Camel and CXF using the http conduit element etc. I make a webservice call to an external party. All certificates are correctly installed (incoming traffic is succesfull, this is configured in Tomcat). After this post about secure renegotiation I finally received a response from the other party: HTTP response 403, forbidden.

I've been debugging with javax.net.debug=all and this excellent explanation. I can see in the logging that a secure connection is succesfully setup:

*** Finished
verify_data:  { 141, 25, 184, 254, 93, 9, 10, 48, 135, 161, 213, 57 }
***
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]

and no other errors or warnings. How can I verify if my client certificate is sent to the server? (I can't use Wireshark but I have the javax.net.debug logging)

Community
  • 1
  • 1
Nicolas Mommaerts
  • 3,107
  • 3
  • 34
  • 53

1 Answers1

2

I found the answer in this post and by comparing the javax.net.debug output to the client auth example. I don't see CertificateVerify in my log, only the one way ssl steps, so there is no client certificate sent.

The cause was that I copied the CXF http conduit example from their website, but somehow the ciphersuite filter it contained was too strict.

Community
  • 1
  • 1
Nicolas Mommaerts
  • 3,107
  • 3
  • 34
  • 53