This really isn't the right forum for this question. Surely
there is a JSSE mailing list.
"E Alaknantha" <EAlaknantha(_at_)novell(_dot_)com> writes:
> I am working with JSSE for SSL communications. I am facing some
> problems in doing the mutual authentication with the server certificates
> exported to the PFX format.
> I am doing a mutual authentication by initialising the keystores with
> the PFX file and the truststores with the DER file all in the PKCS12
> But only one side authentication is happening. The client does not send
> its public certificate to the server and hence getting a null
> certificate received exception.
> It would be greatly helpful if I could get some suggestions on this
> front. First of all I want to confirm if the PKCS12 form supports
Let's take a step back.
PKCS12/PFX is just a carrier for keying material. It doesn't
support or not support mutual authentication. If both sides
have suitable keying material then mutual authentication is
possible. Otherwise it is not.
The way that authentication works with SSL/TLS is that you have
required server auth but optional client auth.  The server
automatically sends its certificate. If the server wants to
authenticate the client it sends a CertificateRequest message
containing a list of suitable CAs. If the client has a suitable
certificate it sends that, otherwise it sends an empty certificate
message or an alert indicating that it won't client authenticate.
Most SSL implementations do not ask for client authentication by
default. Have you set the configuration flag that tells JSSE
to do so?
There are actually anonymous modes where neither server nor
client authenticates but these are very rarely used.
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]
Author of "SSL and TLS: Designing and Building Secure Systems"