[E2010][EWS][Java] - Push Notifications over SSL requiring client certificate for mutual authentication

  • Question

  • Hi,

    My environment is: Exchange 2010 - Windows 2008 - EWS Java API

    I am working on receiving Push notifications securely over SSL and with mutual authentication, where first the push notification client (Exchange server - CAS) will verify the server's certificate (my push notification receiver web service - JAX-WS HttpsServer), and then my web service asks the client (Exchange server) to present its certificate; overall, both client and server authenticate each other by presenting their valid certificates.

    Without requiring a client certificate, everything works fine, and my web service receives push notifications over HTTPS from the Exchange server without problems.

    But when I enable client authentication and ask the Exchange server to present its certificate, Exchange does not return its valid certificate, and so "bad_certificate" and "javax.net.ssl.SSLHandshakeException: null cert chain" errors occur during the SSL handshake.

    I have self-signed SSL certificates created using the MakeCert tool with the "client authentication" as well as "server authentication" key usages (or intended purposes) enabled at the Exchange end. And the corresponding public key is inserted in the truststore of my push notification receiver web service.

    Could anyone please help me to get out of this error? Are there any limitations from the Exchange server end that it cannot present its certificate for mutual client authentication purposes?

    If any more details are needed, please feel free to ask.

    Thank you very much.


    Nimesh

    Thursday, April 5, 2012 8:10 AM
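The receiver described above, as an added example that is not code from the original post or from the EWS Java API: a minimal `com.sun.net.httpserver.HttpsServer` that loads its own key pair plus a truststore holding the Exchange certificate, requests a client certificate during the handshake, and in the handler checks whether one was actually presented. The keystore file names, password, port and `/push` path are assumptions. It uses `setWantClientAuth(true)` rather than `setNeedClientAuth(true)` on purpose: with `needClientAuth`, a client that answers the CertificateRequest with an empty chain fails the handshake with exactly the "null cert chain" error quoted in the question, and nothing reaches application code; with `wantClientAuth` the handshake completes, and the handler can log which peer arrived without a certificate and reject it with 403, which is far easier to diagnose.

```java
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsExchange;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class MutualTlsPushReceiver {

    // Assumed file names and password; substitute your own stores.
    // receiver-keystore.jks: the receiver's private key + certificate (server side).
    // receiver-truststore.jks: the Exchange certificate exported from the CAS.
    private static final String SERVER_KEYSTORE = "receiver-keystore.jks";
    private static final String TRUSTSTORE = "receiver-truststore.jks";
    private static final char[] PASSWORD = "changeit".toCharArray();
    private static final int PORT = 8443;

    // Minimal SOAP acknowledgement for an EWS push notification (SubscriptionStatus OK).
    private static final String ACK =
            "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
          + "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Body>"
          + "<SendNotificationResult xmlns=\"http://schemas.microsoft.com/exchange/services/2006/messages\">"
          + "<SubscriptionStatus>OK</SubscriptionStatus>"
          + "</SendNotificationResult></s:Body></s:Envelope>";

    static SSLContext buildContext() throws Exception {
        // Our own identity: what Exchange verifies when it connects to us.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(SERVER_KEYSTORE)) { ks.load(in, PASSWORD); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, PASSWORD);

        // Who we accept as a client: only certificates chaining to entries in this truststore.
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(TRUSTSTORE)) { ts.load(in, PASSWORD); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        HttpsServer server = HttpsServer.create(new InetSocketAddress(PORT), 0);
        server.setHttpsConfigurator(new HttpsConfigurator(buildContext()) {
            @Override
            public void configure(HttpsParameters params) {
                SSLParameters p = getSSLContext().getDefaultSSLParameters();
                // wantClientAuth: ask for a certificate but let the handshake finish without one,
                // so the handler can observe and log the missing certificate.
                // setNeedClientAuth(true) instead would abort the handshake ("null cert chain").
                p.setWantClientAuth(true);
                params.setSSLParameters(p);
            }
        });

        server.createContext("/push", exchange -> {
            HttpsExchange hx = (HttpsExchange) exchange;
            String peer;
            try {
                // Throws SSLPeerUnverifiedException if the client presented no certificate.
                Certificate[] chain = hx.getSSLSession().getPeerCertificates();
                peer = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
            } catch (SSLPeerUnverifiedException e) {
                System.err.println("rejected push from " + hx.getRemoteAddress() + ": no client certificate");
                hx.sendResponseHeaders(403, -1);
                hx.close();
                return;
            }
            System.out.println("push from authenticated client " + peer);
            // Drain the notification body (parsing omitted), then acknowledge it.
            hx.getRequestBody().readAllBytes();
            byte[] body = ACK.getBytes(StandardCharsets.UTF_8);
            hx.getResponseHeaders().add("Content-Type", "text/xml; charset=utf-8");
            hx.sendResponseHeaders(200, body.length);
            try (OutputStream out = hx.getResponseBody()) { out.write(body); }
        });
        server.start();
        System.out.println("listening on https://0.0.0.0:" + PORT + "/push");
    }
}
```

Run it, point the push subscription URL at this host, and watch stderr: a line reading "no client certificate" confirms the handshake completed and the peer simply sent no certificate, which separates "Exchange never presents a client certificate" from "the certificate it presents is not trusted" (the latter still fails the handshake with bad_certificate, since the truststore decides what chains are accepted). Once the behaviour is understood, switch to `setNeedClientAuth(true)` so that unauthenticated peers are cut off at the TLS layer instead of reaching the handler.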

All replies

  • I have tried creating and installing certificates in many different ways, but Exchange never presents its certificate (my eventserver wants to authenticate Exchange as an authorized client and so asks the Exchange server to present its certificate; the Exchange server pushes notifications to my eventserver).

    I also wrote a test client in Java using the same certificate which Exchange has, which pushes dummy notifications to my event server, and my test client is able to present its certificate, so mutual authentication completes successfully; but in the same case Exchange does not present its valid certificate even though it is present.

    So, probably from my perspective, either this is a limitation from the Exchange server end that it cannot present its certificate meant to be a client certificate for mutual authentication, OR there is something very special that needs to be done for Exchange to be able to present its certificate. The probability of an Exchange limitation looks higher to me.

    If anyone has faced this scenario and knows more details, could you please help here? Or could some Exchange developer or specialist please confirm if this is a limitation of Exchange?


    Nimesh

    Tuesday, April 10, 2012 8:26 AM