I am attempting to test a secure websocket connection from a Java server to an Angular client. The server uses a keystore I created by importing a self-signed certificate, which I created using OpenSSL. The client is supposed to display an error if the client connection fails.
For IE, Edge, and Firefox, if I do not install the browser certificate, I get a browser warning first, then if navigate to the site, I see the error. This is what I would expect.
For Chrome, I get the warning page "Your connection is not private" with the error NET::ERR_CERT_AUTHORITY_INVALID. If I then proceed to the site, it comes up without an error. My code shows that a connection is established. I didn't expect this to occur.
At first, I thought I had an old certificate installed in the browser. However, Chrome uses the same certificate store as IE and Edge, and they work. Still, I cleared the SSL cache and even uninstalled and reinstalled Chrome. It still didn't show the error.
Can anyone give me any suggestions as to why Chrome is allowing this connection without the browser certificate?
Related
I am writing an HTTPS proxy in play framework, yet every time I try to run it on a website that has ssl encryption I am getting this error in my server:
akka.actor.ActorSystemImpl(play-dev-mode) Illegal request, responding with status '400 Bad Request': CONNECT requests are not suppo
rted: Rejecting CONNECT request to '//any.website:443'
The proxy works well on HTTP, yet HTTPS is the problem. I tried changing my application.conf to have a port destined to work on HTTPS, but when I try to run it with the keystore i setup using the keytool command I am getting the following error in my browser:
Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Any workaround to allow HTTPS on a play framework proxy server?
We are trying to access a restful web service resource hosted on IIS server with https protocol.
When we disable TWO WAY SSL Auth (server side validation of client certificate disabled) everything works fine.
When the IIS imposes TWO WAY SSL (server side validation of client certificate enabled) we are getting the below exception:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
We are using java 1.8 update 102, IIS server 7.5 and TLS 1.2 for ssl
For detailed issue please open the below link:
For details SSL Debug log, certificates, client program
It will be great help if someone help us.
Thanks!
See this warning in the SSL log:
no suitable certificate found - continuing without client authentication
Your server is sending a list of accepted CAs to request a client certificate, but your client does not find a suitable one. It seems your keystore has the correct certificate. Ensure that your certificate is correct, for example installing it in the browser and navigating to a protected resource
May be it is a configuration issue of your Java client. Please read HttpClientBuilder documentation carefully
System properties will be taken into account when configuring the default implementations when useSystemProperties() method is called prior to calling build().
You did not call useSystemProperties().
See also this bug report that might affect you https://issues.apache.org/jira/plugins/servlet/mobile#issue/HTTPCLIENT-1477
I have a problem on my EMM virtual machine.
When I go to my console an error appears, as the screen shows
I think I have done all the previous tasks correctly, but only the people who do not work are not mistaken, so the error can come from the previous steps.
I'm running Windows Server 2008 64-bit
I have Java JDK 8 update 121
I have the latest version of WSO2 EMM
I'm logged in admin
This is due to the SSL certificate available in wso2carbon.jks in set to localhost not to the ip address. You can simply navigate to the emm server by clicking on the WSO2 logo.
and you can create a self singed SSL certificate to the ip address and replace the current cert in order to prevent this screen.
I have following situation - I want to get page content using https request and java agent. However, I'm getting following error message:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: Certificate chaining error
I already imported internet certificates to my local notes cacerts file, but nothing changed.
However, when I'm running same code in Eclipse, using keystore with certificates downloaded from page I try to receive and it works fine.
I'm out of ideas, any suggestions will be appreciated!
===EDIT===
Dmytro Pastovenskyi's answer helped me, but additionally to get rid of protocol_version exception I had to use following code, setting version of TLS used:
System.setProperty("https.protocols", "TLSv1");
It seems nessesary to establish connection to some sites using 1.6 IBM JAVA.
I had same issue some times before.
It looks like IBM Domino server more strict when it check certificates. Our administrator who at the beginning said that chain is correct later found an issue with chain (and yes, it worked for .NET/JAVA and other platform, just not with Domino). Try to find some online tools that verify chain.
Before chain is fixed you can simply disabled certificate validation. I've an article how to do it (+ some other articles that may help you). Have a look here: Disabling certificate validation in Java
I'm getting javax.net.ssl.SSLPeerUnverifiedException: No peer certificate on Android device when trying connect to server.
I've tried different solutions like disabling certificate check (just for debug purpose) or to enable old cipher algorithms and nothing worked.
When I'm opening this url in browser everything seems fine however I see message "This site uses a weak security configuration(SHA-1 signatures)".
Could it be the reason of this exception?