JDK Tutorials - Herong's Tutorial Examples - Version 6.02, by Dr. Herong Yang
What Is SSL Client Authentication?
This section provides a quick introduction to SSL client authentication, which is needed if the SSL server wants the client's identity to be authenticated.
As I mentioned earlier in this book, the SSL handshake process follows these steps:
Client Server Client Hello --> <-- Server Hello <-- Server Certificate (optional) <-- Server Key Exchange (optional) <-- Certificate Request (optional) Certificate --> Client Key Exchange --> Certificate Verify --> Change Cipher Spec --> Finished --> <-- Change Cipher Spec <-- Finished
Two identity authentications may happen during this process:
1. Server Authentication - Server program must have access to the server's "full" certificate, which contains the server's identity, public key and private key. During handshake process, the server will extract the server's "public" certificate and send it to the client. On the client side, the client program must be able to authenticate the server's identity by validating the server's "public" certificate. One way to identify the server's identity is to install server's "public" certificate to client program as a trusted certificate. Server authentication seems to be always required.
2. Client Authentication - This is the 100% mirror process of server authentication. However, client authentication is optional for SSL communication.
Last update: 2014.
Table of Contents
Downloading and Installing JDK 1.8.0 on Windows
Downloading and Installing JDK 1.7.0 on Windows
Downloading and Installing JDK 1.6.2 on Windows
Date, Time and Calendar Classes
Date and Time Object and String Conversion
Number Object and Numeric String Conversion
Locales, Localization Methods and Resource Bundles
Calling and Importing Classes Defined in Unnamed Packages
HashSet, Vector, HashMap and Collection Classes
Character Set Encoding Classes and Methods
Encoding Conversion Programs for Encoded Text Files
Datagram Network Communication
DOM (Document Object Model) - API for XML Files
DTD (Document Type Definition) - XML Validation
XSD (XML Schema Definition) - XML Validation
XSL (Extensible Stylesheet Language)
Message Digest Algorithm Implementations in JDK
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Digital Signature Algorithm and Sample Program
"keytool" Commands and "keystore" Files
KeyStore and Certificate Classes
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
The SSL (Secure Socket Layer) Protocol
SSL Socket Communication Testing Programs
►What Is SSL Client Authentication?
Preparing Certificates for Client Authentication
Test Server Program for Client Authentication
Test Client Program for Client Authentication
SSL Client Authentication Test Result