"Acceptable client certificate" message in a two way SSL handshake.
Article ID: KB0093010
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | - |
| Not Applicable | - |
Description
Resolution:
In a two way SSL handshake, the Server has to present a list of Accepted Client Certificate Names for the client to be able to pick up a Client certificate from the Cert Pool and present it to the Server. You will see "Acceptable client certificate " in the following message.
This is taken from OpenSSL:
{
Server certificate
subject=/C=US/ST=Ohio/L=Columbus/O=Limited Brands, Inc/CN=*.lbidts.com
issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G2
---
Acceptable client certificate CA names
/DC=com/DC=brands/DC=Limited/CN=CA1
}
BW does not use the text, "Acceptable client certificate". If you enable SSL tracing and use J2SE as the security vendor, you will find the following:
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=ClientSideDSA, OU=BW Team, O=Tibco, L=Palo Alto, ST=California, C=US>
*** ServerHelloDone
Note that "Acceptable client certificate CA names" is an openSSL
specific log entry. BW uses "CertificateRequest", which is equivalent to "Acceptable client certificate CA names".
Issue/Introduction
"Acceptable client certificate" message in a two way SSL handshake.
Feedback
Yes
No
Powered by
