双向验证时，客户端应该使用何种证书？ #876

ckz119 · 2024-10-10T09:02:21Z

如果是双向验证的话，tongsuo的客户端证书是加载加密证书还是签名证书？
加上客户端验证后，加载tongsuo项目提供的客户端签名证书和签名秘钥但是报错，错误信息：

加载客户端代码：

johnshajiang · 2024-10-10T10:47:52Z

如果是双向验证的话，tongsuo的客户端证书是加载加密证书还是签名证书？

对于TLCP协议，我以为客户端也应该提供两个证书。

meteor199 · 2024-10-17T09:50:29Z

也要两个证书。可以在 https://www.gmcrt.cn/gmcrt/index.jsp 生成测试证书。

keystore引入


        KeyStore keyStore = createStore();
        try (FileInputStream keyStoreIn = new FileInputStream(
                Paths.get(dirPath+"/clientKeystore.jks").toFile())) {
            keyStore.load(keyStoreIn, PASSWORD.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "Kona");
        kmf.init(keyStore, PASSWORD.toCharArray());

keystore生成


%JAVA_PATH% -cp ./jar/* com.tencent.kona.pkix.tool.KeyStoreTool ^
  -type JKS ^
  -alias enc ^
  -keyAlgo EC ^
  -key %CLIENT_PATH%/enc.key ^
  -certs %CLIENT_PATH%/enc.cer ^
  -store ./output/clientKeystore.jks ^
  -keyPasswd 123123 ^
  -storePasswd 123123 

echo "key store enc success"

@REM 生成keystore
%JAVA_PATH% -cp ./jar/* com.tencent.kona.pkix.tool.KeyStoreTool ^
  -type JKS ^
  -alias sig ^
  -keyAlgo EC ^
  -key %CLIENT_PATH%/sig.key ^
  -certs %CLIENT_PATH%/sig.cer ^
  -store ./output/clientKeystore.jks ^
  -keyPasswd 123123  ^
  -storePasswd 123123 

echo "key store sig success"

ckz119 · 2024-10-17T09:58:31Z

也要两个证书。可以在 https://www.gmcrt.cn/gmcrt/index.jsp 生成测试证书。

keystore引入


        KeyStore keyStore = createStore();
        try (FileInputStream keyStoreIn = new FileInputStream(
                Paths.get(dirPath+"/clientKeystore.jks").toFile())) {
            keyStore.load(keyStoreIn, PASSWORD.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "Kona");
        kmf.init(keyStore, PASSWORD.toCharArray());

密钥库生成


%JAVA_PATH% -cp ./jar/* com.tencent.kona.pkix.tool.KeyStoreTool ^
  -type JKS ^
  -alias enc ^
  -keyAlgo EC ^
  -key %CLIENT_PATH%/enc.key ^
  -certs %CLIENT_PATH%/enc.cer ^
  -store ./output/clientKeystore.jks ^
  -keyPasswd 123123 ^
  -storePasswd 123123 

echo "key store enc success"

@REM 生成keystore
%JAVA_PATH% -cp ./jar/* com.tencent.kona.pkix.tool.KeyStoreTool ^
  -type JKS ^
  -alias sig ^
  -keyAlgo EC ^
  -key %CLIENT_PATH%/sig.key ^
  -certs %CLIENT_PATH%/sig.cer ^
  -store ./output/clientKeystore.jks ^
  -keyPasswd 123123  ^
  -storePasswd 123123 

echo "key store sig success"

非常感谢你！

johnshajiang · 2024-10-24T02:40:24Z

@ckz119
如果该问题已经得到解答，请关闭该issue。

johnshajiang changed the title ~~@ckz119~~ 双向验证时，客户端应该使用何种证书？ Oct 10, 2024

johnshajiang self-assigned this Oct 11, 2024

johnshajiang added the question Further information is requested label Oct 11, 2024

johnshajiang mentioned this issue Oct 15, 2024

java 客户端采用kona-ssl连接异常 Tongsuo-Project/Tongsuo#657

Open

johnshajiang closed this as completed Oct 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

双向验证时，客户端应该使用何种证书？ #876

双向验证时，客户端应该使用何种证书？ #876

ckz119 commented Oct 10, 2024 •

edited by johnshajiang

Loading

johnshajiang commented Oct 10, 2024

meteor199 commented Oct 17, 2024

ckz119 commented Oct 17, 2024

johnshajiang commented Oct 24, 2024

双向验证时，客户端应该使用何种证书？ #876

双向验证时，客户端应该使用何种证书？ #876

Comments

ckz119 commented Oct 10, 2024 • edited by johnshajiang Loading

johnshajiang commented Oct 10, 2024

meteor199 commented Oct 17, 2024

ckz119 commented Oct 17, 2024

johnshajiang commented Oct 24, 2024

ckz119 commented Oct 10, 2024 •

edited by johnshajiang

Loading