My web application is trying to reach the WSDL deployed at another server with the URL: https://172.xx.xx.xxx/interface/Webservice?WSDL
In order to do this, I've installed their SSL certificate to the keystore of my application server. However, the SSL certificate of the server I'm connecting to uses a wildcard SSL certificate.
Thus I'm getting the error: HTTPS hostname wrong: should be <172.xx.xx.xxx>
The server I'm connecting to doesn't have any plans to add my desired SAN in their certificates. Is there another way to connect to a wildcard SSL certificate?
Related
Application on java. OkHttp version 2.7.5 is used. A request is made to another service and an error occurs.
SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
I do not have a certificate. It seems there are solutions for the version of okHttp3. But the version can not be changed. How to solve a problem?
Is it possible to disable ssl for https?
Literally, no.
Use of SSL is fundamental to the HTTPS protocol. If you don't want to use SSL at all, configure your server with an HTTP endpoint and use that instead of HTTPS.
Furthermore use of SSL requires a certificate that is (at least) syntactically well-formed. That is also fundamental to the HTTPS protocol.
Now if the problem is that your server certificate has expired, then a possible solution is to use the approach described in:
Make a connection to a HTTPS server from Java and ignore the validity of the security certificate.
And if the problem is that you cannot get a proper certificate for the server (e.g. you can't afford it) then an alternative solution is:
generate a self-signed certificate; see How to generate a self-signed certificate using Java Keytool,
install it on the server side,
configure the client as above to ignore certificate validity.
But note that doing either of those things has security issues.
There is a third solution that is more secure.
generate a self-signed certificate (as above)
install it on the server side,
use Keytool to add the certificate to the client app's keystore as a trusted certificate.
I am trying to connect to a web server using https but I am having Trust anchor for certification path not found. I don't have the certificate of the web server but I want my application to allow connection to the server. However, I am only finding solutions about trusting all https connection. I only want to trust a certain web server. What approach do I have to do to achieve this?
If you use https without a certificate it is useless. The certificate ensures that the connection is not manipulated by a hacker. So you should get a certificate or use http.
I have the following scenario:
Web application (currently running in Eclipse)
Apache httpd proxy
5 backend servers (tomcat) all listening on HTTPS
I have valid certificates for all backend servers and also have the cert chain imported in the keystore. Can anyone explain to me or give me a sample config for the proxy? I am getting different errors when trying to establish trust between the proxy and backend servers like (downstream server wanted client certificate but none are configured).
Can anyone tell me what is client/certificate authentication by server in tomcat, in our application we are getting certificate as part of request parameter and doing validation of certificate, does that mean we are doing client/certificate authentication? i guess we are doing certificate validation in application code which means its application level and we are not doing any client/certificate authentication at server level.. can anyone please confirm this
what is client/certificate authentication by server in tomcat
It is two way SSL authentication. When SSL is enabled on the sever, the server cert should be there client trusted certs store.
Similarly, when the client/certificate authentication is enabled, the client SSL cert should be there in server trusted cert store.
we are getting certificate as part of request parameter and doing validation of certificate, does that mean we are doing client/certificate authentication?
No. That is application validation. But, who is setting in the request parameter.
NOTE: This client cert authentication is done by Container. But, the container provides the ssl properties using request parameters.
Look here to know what properties are set by the server when the connection is secure.
I'm trying to consume a Webservice hosted under https security.
I'm using Java and glassfish and I'm getting the following error:
INFO: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching testdomain.com found
The thing is that this specific server is used for testing and it's using the production certificate (the one with CN=domain.com)
I already added the domain.com certificate to my glassfish domain's cacerts keystore using keytool -importcert and it didn't work.
I also tried creating a self signed certificate with the CN=testdomain.com and adding it to the cacerts keystore and it didn't work either...
So how do I configure Java/Glassfish to consume this Web Service?
The CN of the server certificate should match the domain in URL to which the client connects. If still doesn't work, I would check if the IP maps to this hostname too (reverse DNS). It is the client, who verifies it. If you want to bypass this hostname verification, see the example code in my article: http://jakubneubauer.wordpress.com/2011/09/06/java-webservice-over-ssl/
The priciple is that you provide your own HostnameVerifier to the service client proxy.
THe self-signed certificate needs to be installed in the keystore of the Web service, along with its private key, and imported into the truststore of Glassfish.
the self signed certificate needs to be installed in key store of your java client. and testdomain.com should be resolved using dns.