Trying to do a "secure" connection using JavaSpark.
I have a CRT certificate in a Java Keystore, but code like this gives me a server error:
secure("/keystore.jks", "thepassword",
"trusted-certificate-file-name", "thepassword");
The "trusted-certificate-file-name" is the name inside the keystore file.
What am I doing wrong?
Related
I'm trying to connect with MQ service and for ssl connection imported my certificate in cacerts file.
But when I'm running to connect, its showing below error
rc=2059 amq9503 channel negotiation failed
Do I need to create separate keystore and place my certificate in it, then point it using parameter javax.net.ssl.truststore ?
MQ error 2059 (MQRC_Q_MGR_NOT_AVAILABLE) has nothing to do with SSL.
This error means usually means you are missing a client-side SSL certificate.
# Check your certificate installation path
javax.net.ssl.keyStore=<path to key store containing just your client certificate>
javax.net.ssl.keyStorePassword=<password for that key store>
I am using a self-signed certificate to establish a SSL connection between an application and my server. Now I'm loading a truststore from jar's resources.
Can I sign a jar using my sertificate and then use some magic to create a SSL context without packing a truststore into my client?
No. A signing certificate is not the same thing as an SSL certificate.
I am given a certificate by my api provider which are .crt file and .p12 file.
I generated ca-cert.pem file from .crt file and
client-cert.pem and client-key.pem file from .p12 file using openssl as required by api.
I am also provided with username password for basic authentication by my api provider.
My question is how can I connect to server url https (rest) using these certificate and credentials using Java.
You basically have to create an SSLSocketFactory see here for an example. Once you've created the SSLSocketFactory you can set it when you create a Connection from the URL like so.
SSLSocketFactory sf = ... see that example
URL url = new URL("https://google.com");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(sf);
... Now do stuff with that connection like GET or POST
Also fyi, you are going to want to convert your certificates into the JKS format that Java prefers in order to easily load them into the SSLSocketFactory. You can use a program called keytool that comes with java which can help you out.
I am trying to add an validated SSL certificate to my java app. The Java app acts as a Transformation Service. It listens on a port at a specific URL. It Transforms the body of the request by string find and replace. The Java app then POST that transformed data off to an internal service.
I have added a Self Signed SSL certificate to the app. However this does not work too well. In SoapUI it works fine. When I try call it from a C# application using basicHttpBinding and a HttpWebRequest, I get the following error:
Unhandled Exception: System.Net.WebException:
The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel. --->
System.Security.Authentication.AuthenticationException: The remote certificate
is invalid according to the validation procedure.
So I removed that certificate and added a signed certificate. This certificate is currently attached to the domain where the java app is listening on. When I try and run the Java app I get the following exception:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class:
com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
Java code that sets the Key and Trust Store:
loadConfig();
loadTransforms();
// Set Trust/Key stores
System.setProperty("javax.net.ssl.keyStore", keyFile);
System.setProperty("javax.net.ssl.keyStorePassword", keyPassword);
System.setProperty("javax.net.ssl.trustStore", keyFile);
System.setProperty("javax.net.ssl.trustStorePassword", keyPassword);
TransformationServer server = new TransformationServer();
server.runServer(mode);
The certificates are stored inside the key and trust stores. Does anyone have any ideas?
Went about a different solution. I have added the config below to the WinForm App.
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
So Java is still using a Self Signed Cert.
EDIT:
There was something wrong with the line endings in the header of the request. It did not comply with some http RFC standard.
I'm trying to write a service in Grails to send push notifications to update passbook passes. I got to the point where I could test to see if the code to connect to the APN server was working, however, I cannot seem to establish a connection using the Java SSLSocket methods.
The first part of the connection works, I receive the certificate from the server and find a trusted certificate in the certificate chain; however, after that, for some reason my client certificate / certificate chain is not ever sent to the server, and hence the connection fails.
I can't seem to figure out why the certificate is not being sent, I use the following code to set up the keystore:
void setupSSLPropertiesForConnection() {
System.setProperty("javax.net.ssl.keyStore", "superSecretFile.p12")
System.setProperty("javax.net.ssl.keyStorePassword", "superSecretPassword")
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12")
System.setProperty("javax.net.ssl.trustStore", "trustStoreFile")
System.setProperty("javax.net.ssl.trustStorePassword", "trustStorePassword")
System.setProperty("javax.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol")
}
and then to try and connect to the APN server:
setupSSLPropertiesForConnection()
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault()
SSLSocket socket = (SSLSocket)factory.createSocket("gateway.push.apple.com", 2195)
I've looked at the PKCS12 file using Java's keytool and there is only one alias, which contains the entire certificate chain for my passbook certificate (certificate, WWDR, Apple Certificate), so I'm stuck on why the certificate isn't being sent when it's requested. Any help as to why it's not sending the certificate information would be muchly appreciated!
Edit: Also, if someone were to post a method of getting a SSL certificate from a .p12 used to sign passes or simply from the passbook certificate downloaded from the iOS dev portal, that is known to work, then I might be able to work backwards from that to figure out what it is I'm doing wrong.
Now I feel silly, apparently the filenames for my client PKCS12 file and the trust store file were both wrong, but in setting the keystore and truststore using the System.setProperty, it doesn't throw any error if the files cannot be found or opened.
I tried changing my code so that I am creating SSLSocketFactory from an SSLContext created with a TrustManagerFactory and a KeyManagerFactory, and when I tried that it threw FileNotFoundError. Now it seems to be working at least. Sigh.