I have created a keypair with keytool for client authentication. From this file I exported the public key as a certificate for the server to authenticate the client.
Client setup:
I loaded the server certificate into a truststore file and used the keystore file as the keystore. The client works when I load the truststore and keystore via code with SSLContext and use Apache HttpClient:
    // Imports added for completeness (Apache HttpClient 4.4+ package layout)
    import java.io.File;
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import javax.net.ssl.SSLContext;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.ssl.SSLContexts;

    // Key material: the client's private key and certificate chain
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(new FileInputStream("keystore"), keyPassphrase.toCharArray());
    // Trust material (server certificate) plus the client key material
    SSLContext sslcontext = SSLContexts.custom()
            .loadTrustMaterial(new File("truststore"), trustPassphrase.toCharArray(),
                    new TrustSelfSignedStrategy())
            .loadKeyMaterial(keyStore, keyPassphrase.toCharArray())
            .build();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
            sslcontext,
            new String[] {"TLSv1"},   // enabled protocols
            null,                     // default cipher suites
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());
    CloseableHttpClient httpclient = HttpClients.custom()
            .setSSLSocketFactory(sslsf)
            .build();
The SSL debug output shows that the client presents the certificate chain. Setting the keystore in SoapUI also works fine.
My problem: when I provide the same truststore and keystore via VM arguments (not using SSLContext), I see that the client doesn't present the certificate chain in the SSL debug output.
VM args:

    -Djavax.net.debug=ssl
    -Djavax.net.ssl.keyStoreType=JKS
    -Djavax.net.ssl.keyStore=keystore
    -Djavax.net.ssl.keyStorePassword=keystorepw
    -Djavax.net.ssl.trustStoreType=jks
    -Djavax.net.ssl.trustStore=truststore
    -Djavax.net.ssl.trustStorePassword=truststorepw
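A diagnostic for the VM-argument setup, added here as an example and not part of the question above: it reads the same javax.net.ssl.* properties the VM args set, lists whether each keystore alias is a private-key entry or only a trusted-certificate entry, and asks the default KeyManagerFactory (the one the JDK's default SSLContext builds from those properties) which alias and chain it would present to a server. The class name and the RSA/EC key types passed to chooseClientAlias are assumptions; run it with the VM args shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Diagnostic (assumed class name): reads the javax.net.ssl.* properties the VM
// args set and reports what the JDK default key manager would present.
public class ClientKeyStoreCheck {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) {
            throw new IllegalStateException("javax.net.ssl.keyStore is not set");
        }
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        String password = System.getProperty("javax.net.ssl.keyStorePassword", ""); // expected to be set
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        // A client certificate is only sent from a key entry (private key + chain);
        // a trusted-certificate entry (a cert imported without its key) is never offered.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.printf("alias=%s keyEntry=%b certEntry=%b%n",
                    alias, ks.isKeyEntry(alias), ks.isCertificateEntry(alias));
        }
        // Same factory the default SSLContext builds from these properties (SunX509 by default).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password.toCharArray());
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) {
                continue;
            }
            X509KeyManager x509 = (X509KeyManager) km;
            // issuers == null: accept any issuer; key types are an assumption (RSA or EC key)
            String alias = x509.chooseClientAlias(new String[] {"RSA", "EC"}, null, null);
            if (alias == null) {
                System.out.println("no client alias selectable: no usable private-key entry");
                continue;
            }
            X509Certificate[] chain = x509.getCertificateChain(alias);
            System.out.printf("would present alias=%s, chain length=%d, subject=%s%n",
                    alias, chain.length, chain[0].getSubjectX500Principal());
        }
    }
}
```

A null alias means the default SSLContext has nothing to present from this keystore; note also that Apache HttpClient reads the javax.net.ssl.* properties only when the client is built with HttpClients.createSystem() or useSystemProperties(), not with a plain HttpClients.custom().build().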