Hello, I am new to Java and I am programming an SSL server.

I need to authenticate the clients with valid certs and then save some information about them by CN.
Also, I need to use socat as the client. My problem is that every Java tutorial
uses only keytool, and also, if I export the certificate, I couldn't connect.

I tried this ddj.com/184404478 tutorial. I need something like this:

    socat stdio openssl-connect:127.0.0.1:8080,cafile=ca.crt,cert=client.crt

but I always get

    2008/10/14 23:09:26 socat[954] E SSL_connect(): error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

What should I do to make the verification succeed? This is the portion of my code:

    private static ServerSocketFactory createServerSocketFactory(String type) {
        if (type.equals("TLS")) {
            SSLServerSocketFactory ssf = null;
            try {
                // set up key manager to do server authentication
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                KeyStore ks = KeyStore.getInstance("JKS");
                char[] passphrase = "123456".toCharArray();
                ks.load(new FileInputStream("testkeys"), passphrase);
                kmf.init(ks, passphrase);
                TrustManagerFactory tmf =
                        TrustManagerFactory.getInstance("SunX509");
                tmf.init(ks);
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                ssf = ctx.getServerSocketFactory();
                return ssf;
            } catch (Exception e) {
                System.out.println("Error: " + e.getMessage());
                e.printStackTrace();
            } // try
        } else {
            return ServerSocketFactory.getDefault();
        } // if
        return null;
    } // createServerSocketFactory


And it is invoked from the main function:

    try {
        ServerSocketFactory ssf = SecureTCPServer.createServerSocketFactory(type);
        ServerSocket ss = ssf.createServerSocket(DEFAULT_PORT);
        if (type.equals("TLS")) {
            ((SSLServerSocket) ss).setNeedClientAuth(true);
        }
        acceptConnections(ss);
    } catch (IOException e) {
        System.out.println("Error: " + e.getMessage());
        e.printStackTrace();
    }

Thanks very much for your support. (I also have a working client/server with keytool, but I need to use the socat client from freshmeat.net/projects/socat, or just identify the clients with a cafile/cert file.)
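
One way to trust an OpenSSL-style PEM CA file on the Java side and read the client's CN after the handshake, as an added example that is not part of the original post. It assumes `ca.crt` is the PEM certificate of the CA that signed the client certificates and reuses the post's `testkeys`, `123456` and port 8080; the class and method names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.*;
// Added example. Assumed inputs: "testkeys" (JKS with the server key), "ca.crt" (PEM client CA).
public class ClientCnServer {
    // Key material comes from the JKS; trust anchors come only from the PEM CA file.
    static SSLContext buildContext(String jksPath, char[] pass, String caPemPath) throws Exception {
        KeyStore keys = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jksPath)) { keys.load(in, pass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pass);
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start from an empty in-memory trust store
        try (InputStream in = new FileInputStream(caPemPath)) {
            X509Certificate ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            trust.setCertificateEntry("client-ca", ca);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    // Parse the subject DN properly instead of splitting the string on commas.
    static String commonName(X509Certificate cert) throws Exception {
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null; // certificate has no CN in its subject
    }
    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext("testkeys", "123456".toCharArray(), "ca.crt");
        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8080)) {
            ss.setNeedClientAuth(true); // handshake fails unless the client presents a trusted cert
            while (true) {
                try (SSLSocket s = (SSLSocket) ss.accept()) {
                    // getSession() completes the handshake; the chain has passed the trust manager
                    X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
                    System.out.println("client CN=" + commonName(peer));
                } catch (SSLException e) { System.out.println("rejected: " + e.getMessage()); }
            }
        }
    }
}
```

The `certificate verify failed` message is raised on the socat side while it checks the server's certificate, so the file passed as `cafile` has to contain, in PEM form, the certificate that issued the server certificate stored in `testkeys` (or that certificate itself if it is self-signed).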