And the SSL subsystem in the browser also supports client authentication
internally, as well as that server authentication ...

> HotJava Browser currently does not
> support SSL client authentication so there is no supported way of
> setting up a client DSA or RSA certificate on the client side and using
> that to authenticate with the server.

"No supported way" is the critical phrase. Although the SSL subsystem
supports authentication of either end, that facility isn't supported
except for licensees of the SSL source code. (It relies on a "login"
facility to securely associate the private keys with certificate chains,
and also CA and certificate management support as needed to make it
all work. Some such infrastructure is now public in JDK 1.2; not all.)

So for example if you use SSL in a product like the Java Web Server
(uses the same SSL package!), that uses the "login" facility so that
client authentication works between servers. It also uses the CA and
certificate management infrastructure (with a nasty UI!) to let you
establish whose authentication you trust. HotJava only does some of
the latter part, none of the former.

At this time I understand that Sun doesn't ship the SSL subsystem as
a binary product, to be used outside of those products. That is, I
think, how you're trying to use this package.

- Dave

> One possibility would be to use
> a DSA certificate on the server side and then authenticate the client,
> if needed, through a traditional password-based approach.
>
> Jeff