JDK Tutorials - Herong's Tutorial Examples - Version 6.02, by Dr. Herong Yang

JDK Tutorials - Herong's Tutorial Examples

∟SSL Client Authentication

∟What Is SSL Client Authentication?

As I mentioned earlier in this book, the SSL handshake process follows these steps:

   Client                  Server
   
   Client Hello        -->   
                       <-- Server Hello
                       <-- Server Certificate (optional)
                       <-- Server Key Exchange (optional)
                       <-- Certificate Request (optional)
   Certificate         -->
   Client Key Exchange -->
   Certificate Verify  -->
   Change Cipher Spec  -->
   Finished            -->
                       <-- Change Cipher Spec
                       <-- Finished

Two identity authentications may happen during this process:

1. Server Authentication - Server program must have access to the server's "full" certificate, which contains the server's identity, public key and private key. During handshake process, the server will extract the server's "public" certificate and send it to the client. On the client side, the client program must be able to authenticate the server's identity by validating the server's "public" certificate. One way to identify the server's identity is to install server's "public" certificate to client program as a trusted certificate. Server authentication seems to be always required.

2. Client Authentication - This is the 100% mirror process of server authentication. However, client authentication is optional for SSL communication.

Last update: 2014.

Table of Contents

 About This JDK Tutorial Book

 Downloading and Installing JDK 1.8.0 on Windows

 Downloading and Installing JDK 1.7.0 on Windows

 Downloading and Installing JDK 1.6.2 on Windows

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

 "keytool" Commands and "keystore" Files

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Secret Key Encryption and Decryption

 The SSL (Secure Socket Layer) Protocol

 SSL Socket Communication Testing Programs

►SSL Client Authentication

►What Is SSL Client Authentication?

 Preparing Certificates for Client Authentication

 Test Server Program for Client Authentication

 Test Client Program for Client Authentication

 SSL Client Authentication Test Result

 HTTPS (Hypertext Transfer Protocol Secure)

 Outdated Tutorials

 References

 PDF Printing Version

What Is SSL Client Authentication? - Updated in 2017, by Dr. Herong Yang