Dear all,
I think this can be interesting to others, so let me publish here an
example of a HTTPS access to the web server, which demands a client
authentication with a digital certificate.
1. From provider of web service we got a digital certificate demoWS.pfx
(sometimes also .p12) in PKCS#12 format. It includes both the
certificate and private key. This can be imported to your web browser to
authenticate the web request the same way. Do that first to be sure a
certificate actually works.
2. Convert the .pfx to a .pem format, which can be read from VisualWorks
(.pfx cannot yet):
openssl pkcs12 -in demoWS.pfx -out demoWS.pem -nodes
We'll be asked for a password with which a .pfx certificate is
protected. -nodes means that a private key won't be password protected
in .pem. Be aware that we have a private key now almost in plain!
3. Now we can call our web server and authenticate with our certificate:
| client certificates response |
client := Net.HttpClient new.
client useSecureConnection.
certificates := Security.X509.CertificateFileReader
readFromFile: 'demoWS.pem'.
client sslContext
certificate: (certificates at: 3)
key: (certificates at: 1) asKey.
response := client get: '
https://www.secureserver.org'.
^response
The demoWS.pem in our case contains three things in that order:
1:Private key certificate, 2: CA certificate, 3: client certificate.
That's why we use (certificates at: 3) etc. Also, don't forget to send
#asKey to the private key certificate, to get a plain RSA private key.
Hope this helps to document SSL client authentication a bit better. Of
course it would be just nice to have such section in VE docs ..
Best regards
Janko
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Locked
