|Applies To||RSA BSAFE SSL-C|
RSA BSAFE SSL-J
|Issue||How to connect RSA BSAFE SSL-J and SSL-C sample programs|
The RSA BSAFE SSL-C toolkit provides some simple example programs (and code) called 'server' and 'client', they demonstrate how to set up both ends of the connection and transfer some data. The SSL-J toolkit provides similar examples as 'SSLClient' and 'SSLServer'.
When connecting into the SSL-C 'server' program from the RSA BSAFE SSL-J 'SSLClient' program you get the error:
[SSLClient] Creating SSLSocket.
[SSLClient] Caught an exception.
com.rsa.ssl.AlertedException: Certificate unknown
|Cause||This is because the Root CA certificate that signed the server certificate used by the RSA BSAFE SSL-C 'server' program was not loaded by the SSL-J client. The SSL-C 'client' program works because it is configured not to actually do a certificate verification for the SSL handshake to be successful. The SSL-C 'server' program uses a data file called 'server.pem', however the root CA certificate for the SSL-C example is not present.|
|Resolution||The programmer should provide their own data for this system to work. At a minimum, they need 3 data items:|
1. A Root CA certificate
2. A private key for the server
3. A certificate for the server signed by the Root CA
On the SSL-C 'server' end, the three items are stored as B64 encoded items in the 'server.pem' file. At the SSL-J 'SSLClient' end, the Root CA certificate is stored in DER format in the 'certs' directory, note also that the 'AppletCode' class needs to be modified to include the name of this additional certificate.
See also: How to convert between PEM and DER format certificate files.
|Legacy Article ID||a386|