Java Plug-in does not use the certificates in the browser certificate store for HTTPS client authentication.


Symptoms

Unable to use certificates from the browser for client authentication.

Cause

The Java Plug-in uses certificates for client authentication from a certificate store specific to the JRE. It does not use the certificates from the browser certificate store.

Resolution

Client authentication in Java Plug-in requires the client certificate store on the user disk, keystore type, and the password to access it. These three parameters should be provided with system properties as follows:

-Djavax.net.ssl.keyStore=<client_keystore_file_path>
-Djavax.net.ssl.keyStorePassword=<password to access the client keystore file>
-Djavax.net.ssl.keyStoreType=<keystore_type>

These properties should be specified in the Advanced tab of the Java Control Panel.

Here are the steps to export a digital certificate from the browser certificate store into a file:

  1. Open a browser window, click on Tools, then click the Internet Options submenu item.
  2. Click the Content tab.
  3. In the certificates section in the middle, click the Certificates button. The available certificates are shown in the dialog box.
  4. Select Client Authentication in the Intended Purpose drop down menu.
  5. Select the certificate you want to export.
  6. Click the Export button. The Certificate Manager Export Wizard starts.
  7. On the Welcome window, click Next.
  8. Keep the default to "Yes, export the private key" and click Next.
  9. Keep the default to "Personal Information Exchange - PKCS #12(.PFX)" and click Next.
  10. Complete the Password window.
  11. Type the path and filename of the file to export. The system automatically gives it a .pfx extension. Click Next.
  12. Review the information and click Finish.

Example:

If the user exports the certificate to a file called (path included) c:\certs\client.pfx and uses the password "test" to protect the .pfx file, the required system properties will take the following values:

-Djavax.net.ssl.keyStore=c:\certs\client.pfx
-Djavax.net.ssl.keyStorePassword=test
-Djavax.net.ssl.keyStoreType=pkcs12

Related Information

N/A