I need client certification in server

> On Fri, Jul 4, 2008 at 3:13 PM, Viktor Balázs <viktor.balazs@...>
> wrote:
> > How can I get client certification on MINA server? I'm using MINA
> 2.0.0-M1,
> > and I created a server with SSL/TLS and I need the remote certification
> of
> > connected clients. I found local (server) certification in
> SSLSessionImpl...
>
> Here's how we do it in FtpServer. Note that in this case the method
> lives in a subclass of IoSession, but you could of course do it from
> anywhere you like as long as you call getFilterChain() on your
> session.
>    public Certificate[] getClientCertificates() {
>        if(getFilterChain().contains("sslFilter")) {
>            SslFilter sslFilter = (SslFilter)
> getFilterChain().get("sslFilter");
>
>            SSLSession sslSession = sslFilter.getSslSession(this);
>
>            if(sslSession != null) {
>                try {
>                    return sslSession.getPeerCertificates();
>                } catch(SSLPeerUnverifiedException e) {
>                    // ignore, certificate will not be available to the
> session
>                }
>            }
>
>        }
>
>        // no certificates available
>        return null;
>
>    }
>
> /niklas
>

> On Fri, Jul 4, 2008 at 8:44 PM, Viktor Balázs <viktor.balazs@...>
> wrote:
> > I set sslFilter.setWantClientAuth(true) or
> sslFilter.setNeedClientAuth(true)
> > but I must import client's certificate to keystore, becuase I get
> exception.
> >
> > Don't I get client certificate when I set bot variable to false?
>
> No, I wouldn't think so. If the server doesn't request a client
> certificate, none will be sent during the SSL handshake and thus none
> will be available to the server.
>
> /niklas
>