how does client set the certificate chain in the keystore?


Our client needs to connect to the server with two-way SSL authentication. In my case, I use 'keytool -genkey' to generate a keystore and 'keytool -certreq' to export a CSR file. The server side takes my CSR file and has it signed by a CA, and then returns me a new .cer file signed by the CA plus the Root CA .cer. The question is how I should update my keystore to finish the server-side authentication. Here are my steps to generate the keystore.

keytool -genkey -alias client -keyalg RSA -keystore D://key/client.keystore -validity 3650
keytool -certreq -alias client -keystore D://key/client.keystore -file client.csr

Using Wireshark, I can see my client sending a cert that was generated by my keystore and is self-signed, but the server side actually imported the .cer file signed by the CA as the client cert into its truststore, so the handshake fails every time.

PS: The server's .cer file is already imported into my truststore, so the question is only about the client .cer file. Here is the Wireshark capture:

Best answer, by user207421:

You need to import the signed certificate and chain into the same keystore that generated the keypair and CSR, using the same alias, and not using the -trustcacerts option.

However, your capture shows that the problem is with the server certificate. The client certificate hasn't even been asked for, let alone sent.
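The following is an added example, not code from the question or the answer above. It spells out the import sequence the answer describes as keytool commands in the leading comment, and then checks the result programmatically: after the import, the key entry under the alias that generated the CSR should carry a chain of at least two certificates in which each certificate is signed by the next and the last is the self-signed Root CA. A chain of length one means the keystore still holds the self-signed certificate from `-genkey`, which is exactly the certificate the question saw on the wire. The keystore path `client.keystore`, the alias `client`, the file names `rootca.cer` and `client.cer`, and the password passed on the command line are all assumptions for the example.

```java
// ChainCheck.java: added example, not part of the original question or answer.
//
// Assumed keytool sequence that completes the answer's advice. Both commands
// target the SAME keystore and the signed cert goes under the SAME alias
// ("client") that produced the key pair and the CSR:
//
//   keytool -importcert -alias rootca -file rootca.cer -keystore client.keystore
//   keytool -importcert -alias client -file client.cer -keystore client.keystore
//
// The first command stores the Root CA under its own alias so keytool can
// build the chain; the second replaces the self-signed certificate under
// "client" with the CA-signed one. -trustcacerts is not used, because the
// issuer is already present in this keystore rather than in the JDK's cacerts.
//
// Usage (assumed):  java ChainCheck client.keystore client <password>

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class ChainCheck {

    /**
     * Returns true when the alias is a key entry whose chain has at least two
     * certificates, every certificate is currently valid, each one is signed by
     * the next, and the last one is self-signed (the Root CA).
     */
    public static boolean hasSignedChain(KeyStore ks, String alias) throws Exception {
        if (!ks.isKeyEntry(alias)) {
            System.err.println(alias + " is not a private-key entry");
            return false;
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length < 2) {
            // Still the self-signed certificate produced by -genkey: the server's
            // truststore holds the CA-signed one, so the handshake would fail.
            System.err.println(alias + " still has a single (self-signed) certificate");
            return false;
        }
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate) chain[i];
            // Issuer of this certificate: the next element, or itself for the root.
            X509Certificate issuer = (i + 1 < chain.length)
                    ? (X509Certificate) chain[i + 1]
                    : cert;
            if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                System.err.println("chain[" + i + "] issuer does not match chain[" + (i + 1) + "] subject");
                return false;
            }
            try {
                cert.checkValidity();
                PublicKey issuerKey = issuer.getPublicKey();
                cert.verify(issuerKey); // throws if the signature does not verify
            } catch (GeneralSecurityException e) {
                System.err.println("chain[" + i + "] failed verification: " + e);
                return false;
            }
            System.out.println("chain[" + i + "] " + cert.getSubjectX500Principal()
                    + "  issued by  " + cert.getIssuerX500Principal());
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java ChainCheck <keystore> <alias> <password>");
            System.exit(2);
        }
        // getDefaultType() is PKCS12 on current JDKs; they still open JKS files
        // created by older keytool versions.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());
        }
        boolean ok = hasSignedChain(ks, args[1]);
        System.out.println(ok ? "OK: CA-signed chain present" : "FAIL: keystore not ready for client auth");
        System.exit(ok ? 0 : 1);
    }
}
```

Run it against the keystore before and after the two `keytool -importcert` commands: before, it reports a single self-signed certificate; after, it prints the client certificate followed by the Root CA and exits 0. The same check via keytool alone is `keytool -list -v -keystore client.keystore -alias client`, where the "Certificate chain length" line should read 2 rather than 1.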