[vwnc] HTTPS with SSL Client Authentication - an example


Janko Mivšek
Dear all,

I think this may be interesting to others, so let me publish here an
example of HTTPS access to a web server that demands client
authentication with a digital certificate.

1. From the provider of the web service we got a digital certificate
demoWS.pfx (sometimes also .p12) in PKCS#12 format. It includes both the
certificate and the private key. This can be imported into your web
browser to authenticate the web request the same way. Do that first to be
sure the certificate actually works.

2. Convert the .pfx to .pem format, which can be read from VisualWorks
(.pfx cannot yet):

   openssl pkcs12 -in demoWS.pfx -out demoWS.pem -nodes

We'll be asked for the password with which the .pfx certificate is
protected. -nodes means that the private key won't be password protected
in the .pem. Be aware that we now have the private key almost in plain!

3. Now we can call our web server and authenticate with our certificate:

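  | client certificates response |

  "HTTP client switched to a secure (SSL) connection"
  client := Net.HttpClient new.
  client useSecureConnection.

  "Read every item of the PEM file, in file order"
  certificates := Security.X509.CertificateFileReader
    readFromFile: 'demoWS.pem'.

  "Item 3 is the client certificate, item 1 the private key (see below)"
  client sslContext
    certificate: (certificates at: 3)
    key: (certificates at: 1) asKey.

  response := client get: 'https://www.secureserver.org'.
  ^response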

The demoWS.pem in our case contains three things, in this order:
1: Private key certificate, 2: CA certificate, 3: client certificate.
That's why we use (certificates at: 3) etc. Also, don't forget to send
#asKey to the private key certificate, to get a plain RSA private key.

Hope this helps to document SSL client authentication a bit better. Of
course it would be just nice to have such a section in VE docs ..

Best regards
Janko

       

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
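
The post relies on two properties of demoWS.pem: the order of its blocks (for `certificates at:`) and an unprotected private key left by `-nodes`. The script below is an added example, not part of the original post, that checks both before the file is used; the function names are hypothetical and the sample file contents are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print "N: LABEL" for each PEM block in file order, so the index given to
# `certificates at:` can be checked instead of assumed.
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | awk '{ print NR ": " $0 }'
}

# Succeed if the file contains a private key with no passphrase protection.
# Protected keys are labelled "ENCRYPTED PRIVATE KEY" (PKCS#8) or carry a
# "Proc-Type: 4,ENCRYPTED" header (traditional format).
pem_has_plain_key() {
    awk '
        /^-----BEGIN .*PRIVATE KEY-----$/ && !/ENCRYPTED/ { pending = 1; next }
        pending && /^Proc-Type: 4,ENCRYPTED/ { pending = 0; next }
        pending { plain = 1; pending = 0 }
        END { exit (plain ? 0 : 1) }
    ' "$1"
}

# Succeed if group or others hold any permission bit on the file.
pem_is_exposed() {
    case "$(ls -ld -- "$1" | cut -c5-10)" in
        ------) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print the block order; fail when a plain key is accessible beyond the owner.
pem_audit() {
    pem_blocks "$1"
    if pem_has_plain_key "$1" && pem_is_exposed "$1"; then
        echo "WARNING: unencrypted private key, file is not owner-only (chmod 600)" >&2
        return 1
    fi
}

# Constructed sample in the order the post describes (bodies are placeholders).
SAMPLE=$(mktemp)
printf '%s\n' \
    '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-KEY' '-----END PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-CA' '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-CLIENT' '-----END CERTIFICATE-----' \
    > "$SAMPLE"
chmod 600 "$SAMPLE"
pem_audit "$SAMPLE"
```

Setting `umask 077` in the shell before running the `openssl pkcs12` conversion makes the .pem owner-only from the moment it is created.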