So i have my site on hosting company, and this company support let encrypt certificate, so i generated it and now the site is running with https protocol.My server side(spring boot application web service oriented started on VPS) for this site is on another company. My questions are:
How can i use this generated certificate on my server side part,
is it possible, what should i do?
What i need to provide to the server, and all things that are needed the server to work?
When i was without the certificate everything worked perfect, but right now on the server side i get
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
and in the browser i get
net::ERR_SSL_PROTOCOL_ERROR,
when I`m trying the get resources from server.
From the hosting company i can get everything connected to the certificate
It seems that you are passing HTTPs traffic to web server which "talks" in plain HTTP.
Normally SSL termination is done on software like Apache HTTPD or Nginx.
Then you configure it to act as reverse proxy to your actual Spring boot application running in JVM.
You can also configure your JVM webserver (Jetty,Tomcat .. whatever you have) to use your Let's encrypt certificate, but I have doubt that certbot will be able to easily renew them.
Related
I chose the UnboundID LDAP SDK for Java. I deployed, somewhere in cloud, a Bastion server and a Microsoft Active Directory in the same network. If I run the LDAP client code on the Bastion server, it works. Now I want to run the code locally. For this, I installed the Squid on the Bastion and I configured it to allow everything. I start the Java application with -Dhttp.proxyHost, -Dhttp.proxyPort, -Dhttps.proxyHost and -Dhttps.proxyPort.
I use the following method:
LDAPConnection(String host, int port, String bindDN, String password).
Using this approach doesn't work for me. I don't see the requests that are forwarded to the Squid proxy. I want to achieve this for developing purposes. I am new to this library.
Question: Does anybody achieved this before? Is it possible?
It won't work. I am not aware of any open source LDAP client in Java or C which will utilize CONNECT to tunnel through an HTTP proxy. Especially as soon as you will use certs or Kerberos your jump server will not work.
I am looking for advise on how to encrypt a command line application.
I envisage a command line app that interacts with a web service. I want the messages between the app and the web service to be encrypted.
I know that SSL certificates are the common use for encrypting with web services however if i have a single app that many people take and use on the command line of their machines each will have to have a SSL certificate.
Is there another way to encrypt the communication?
Note: I am building both the web service and command line application so can match up the encryption if needed.
Thanks
I want to encrypt the transmitted data i.e., the http headers and body.
HTTPS with a server certificate (no need to client certificate in your case) can do it. Nobody between your client and your server will be able to read or modify the content of the transmitted data (url, headers and body).
The server will present his certificate to your client. With that your client can confirm the identity of the server. Then they can exchange informations securely.
If you need to identify the client to your server, you can use a client certificate (but it's not the only method)
Note that because of DNS and SNI, somebody on the network can still know which domain your client connect to.
I use Apache Tomcat and I configure it for HTTPS connection (at the moment using a self signed certificate).
I wondering if I should set other in my java code (I use Spring) or Tomcat provides connection encrypted for all the data. For example if I use FTP, download end send file etc...
Maybe is a stupid question but it is important use https for my connection.
Thanks, best regards
I have a java application that runs on client machines that receives ajax requests from web applications. Some of these web applications that would like to use the service are served only under https.
I have the java app now accepting and handling SSL requests just fine, but I must first navigate to the server in a browser and accept the cert.
What is the best method of having a 'real cert' installed as part of this java app that listens on https://localhost:my_port?
On windows, it seems I can have an installer add a self signed cert to the machines accepted list. I had also thought about getting a verified cert for thisApp.myDomain.com and then changing host files to point that address to 127.0.0.1, but changing host files seems malicious and I worry about that being picked up by anti-virus.
The 'main' application is a web based system. Some users of this web based system would like to be able to print to special printers on designated computers. The java app is to be installed on those computers, the web application then sends ajax requests to the java app, which interacts with the printers. End users need to be able to install this java service with an easy, one-click type of installer. The web app is run from a browser on the machines doing the printing, hence localhost.
As stated earlier, the web apps need to connect to the web server (currently residing with amazon) via https. The connection to the localhost print server does not need to be https for any reason other than Chrome complains about insecure content, and chrome is currently the most widely used browser by our users.
Any thoughts or suggestions?
If by "real" cert, you mean one that signed by a trusted CA, then I think that the answer is that you probably can't. I don't think a trusted CA will issue one for you.
The answer I linked to above suggests that you set up your own CA by getting a CA cert. The other alternatives are a self-signed cert for 127.0.0.1, or tweaking your DNS resolution (e.g. via the client machines' "hosts" files) so that some name with a valid cert resolves to a loopback address on your client machines.
BTW - turning off certificate verification is not the way to go. It is better to add a self-signed certificate to the trusted cert list of (for instance) the user's browser.
If I was in your situation, I think I'd change whatever it is that requires HTTPS for requests on 127.0.0.1. Either don't require HTTPS for the requests, or change the IP address to the client's own IP address.
I try to install self signet certificate on client machine - but fails. Don't remember what was the issue. So I turn off verification for certificate in client code.
You can read about it here.
I am developing a flex application with flex 4.1 sdk and java backend (runs on Glassfish 3.1 via http). For security reasons I decided to move my authentication process to https until a session id is obtained. Therefore I changed the filter settings to use ssl for login and logout pages(just two pages due to performance reasons. The data-size sent to client is large and I do not want to slow down the system). Glassfish forwarded these pages to 8181 port (which is HTTPS port). Everything is ok for the java part. However flex defines the 8181 port as a different domain and then problems arise. Due to flash's same-origin policy it cannot load the secured content. Normally a crossdomain.xml is the solution but I am accessing content of the same domain through a different port. What will be the solution ?
Probably not the best solution but create a subdomain that maps to 8181 and put a crossdomain.xml that will allow access from root domain.