Hi, First of all, thanks for your answers. I think I didn't explain my problem very well (or perhaps i´m a bit lost :P), sorry for that. When I use a http connection or a https connection (with no client authentication) the applet works well and it can access firefox keystore. The problem appears If I add the line "clientAuth="true"" in server configuration file, then the client authentication is right when the browser access "normal" web content, but when i try to access the applet the java plugin shows a dialog window (before the applet starts) requiring to select a certificate to authenticate but the list was empty (without select a cert the applet doesn't start). I need this window shows the certs of firefox keystore (aside javaplugin keystore that is empty in my case). I started from:
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores.html but i haven't got fine results. Thanks in advance. Regards, Abraham. 2007/9/20, Glen Beasley <[EMAIL PROTECTED]>: > > Nelson B wrote: > > Abraham wrote: > > > > > >> I have a problem with client authentication when I try to run an > applet. The > >> java plugin requires authentication but shows me a empty list (i > suppose it > >> can´t load firefox keystore). Importing certificates with Java Control > Panel > >> isn´t a solution because i want to use the browser smartcard support. > I´ve > >> installed jss (jss4.dll and jss directory with jss4.jar) but it doesn´t > >> work. > >> > > > > > > > In what manner doesn't it work? > > > > > Does your applet initialize JSS with the location to the FireFox dbs? > > After installing JSS your next step would be to initialize JSS and view > the certificates say modify > the following to work in your applet as test > http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/ListCACerts.java > > > > you could also choose not to use JSS and use SunPKCS11 to initialize NSS > http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html > your applet would have to generate a pkcs11 config file for SunPKCS11 > that would specify the location of Firefox's NSS libraries and the > firefox database directory > > JSS does have an applet but does test the SunPKCS11-NSS > > http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/all.pl#317 > - creates pkcs11 config file > > http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/JSSE_SSLServer.java > - can be configured to use Sunpkcs11-NSS > > -glen > > > Long ago, in the Netscape Communicator 4 days, the Java engine was > > integrated with the browser, and JSS was integral to the browser. > > JSS was *the* means by which Java applet accessed the browser's > > facilities for https and for using certs for signatures, encryption, > etc. > > > > But today Java is not so integrated into the browser, and JSS is not a > > standard part of the browser either, IINM. So today, the JRE has no > > simple access to the browser's crypto capabilities. Installing JSS > > should still work (I think), but it's separate software that the user > > must install. The latest JDK/JRE has a new "JCE provider" that works > > with any PKCS#11 module, including NSS's softoken (one of the PKCS#11 > > modules built into mozilla browsers). It might work for you to use > > that PKCS#11 JCE provider to access the certs and keys in the browser's > > PKCS#11 module. > > > > I'll ask our JSS guru to add his own suggestions here. > > > > > >> Thanks in advance (and sorry for my english :P). > >> > > > > Your English was perfect. > > > > > >> Regards, Abraham > >> > > > > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
