Configuring SSL with java - java

I need to send a POST request to an HTTPS URL (https://xyz.in). I have an SSL certificate (cert.cer) which will be used to send the request. I do not know how to use that certificate to make an HTTPS connection. Can anyone who knows how to do it help me? I am sending the request in Java.

Related

How can I get Certificate from HTTPS request?

I am working with Google Assistant / Dialogflow. I want to check all incoming requests. I need to get and verify a certificate.
I tried to get a certificate from a header or parameter of HttpRequestServlet, but got nothing.
How can I do this?
I'm assuming that you want to validate incoming Dialogflow requests in your Java webhook server.
Take a look at this. You should use Mutual TLS authentication:
To request mTLS:
Prepare your webhook HTTPS server to request the client certificate during the TLS handshake.
Your webhook server should verify the client certificate upon receiving it.
Install a certificate chain for your webhook server, which can be mutually trusted by both client and server. You should use Google Trust Services CA 1O1 (GTS CA 1O1). GTS CA 1O1 uses the GlobalSign R2 root (GS Root R2), which is owned and controlled by Google Trust Services. You can download it from: https://pki.goog/repository/
The documentation also provides a demo of how to do this on a NodeJS server. In Java, it depends on what you're using, but the process is the same. So take a look at these links about setting up mTLS on Java servers, and you can use the NodeJS server demo as a reference.
https://docs.oracle.com/cd/E19879-01/819-3669/6n5sg7ccd/index.html
https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Installing_a_Certificate_from_a_Certificate_Authority
https://discuss.aerospike.com/t/how-to-use-mutual-authentication-tls-mtls-in-java/7314
https://www.baeldung.com/x-509-authentication-in-spring-security#Mutual

SSL client (Java) is not sending a certificate back to the server in two-way SSL handshake

We are trying to access a restful web service resource hosted on IIS server with https protocol.
When we disable TWO WAY SSL Auth (server side validation of client certificate disabled) everything works fine.
When the IIS imposes TWO WAY SSL (server side validation of client certificate enabled) we are getting the below exception:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
We are using Java 1.8 update 102, IIS server 7.5 and TLS 1.2 for SSL.
For the detailed issue, please open the link below:
For details: SSL debug log, certificates, client program
It would be a great help if someone could help us.
Thanks!
See this warning in the SSL log:
no suitable certificate found - continuing without client authentication
Your server is sending a list of accepted CAs to request a client certificate, but your client does not find a suitable one. It seems your keystore has the correct certificate. Ensure that your certificate is correct, for example by installing it in the browser and navigating to a protected resource.
Maybe it is a configuration issue in your Java client. Please read the HttpClientBuilder documentation carefully:
System properties will be taken into account when configuring the default implementations when useSystemProperties() method is called prior to calling build().
You did not call useSystemProperties().
See also this bug report that might affect you: https://issues.apache.org/jira/plugins/servlet/mobile#issue/HTTPCLIENT-1477

Why am I getting "Not secure" in front of the website name in the URL?

I have an issue with my website URL. When I enter the website URL in Chrome, the website's name comes up with
Not secure| www.mywebsitesname.com
How can I change this to
Secure |http://mywebsitesname.com
Is it possible?
Yes, it is possible to make your website secure. You need to buy an SSL certificate for that and set all internal URLs to run on HTTPS instead of HTTP, because HTTP is not secure.
You can buy an SSL certificate from GoDaddy.
After that your site will have something like this before url
For more on HTTP VS HTTPS please read this
Change your url HTTP to HTTPS by SSL certification
HTTP VS HTTPS
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.
Since the beginning of 2017, more sites (especially e-commerce) that don't have https are marked as 'not secure'. To solve this problem, you can implement the https module on your site simply by buying an SSL certificate from your provider.

Handling https request by jetty

I would like to write a SSL MITM proxy using Jetty. I've gone through some examples and it seems that I can use org.eclipse.jetty.server.handler.ConnectHandler for HTTPS Connect tunneling.
Is there any way that I can set my own certificate and decrypt content using ConnectHandler?

ssl client authentication without ssl re-negotiation

On client side I have Apache HTTP client on jdk5u22. On server side I have tomcat on jdk6u27.
With this setup, if I try SSL client authentication (2-way SSL), it causes "javax.net.ssl.SSLHandshakeException: Insecure renegotiation is not allowed" on the server and the handshake fails. It succeeds if I set the system properties sun.security.ssl.allowUnsafeRenegotiation=true and sun.security.ssl.allowLegacyHelloMessages=true on the server.
As per the link http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html, this is because JRE6u27 has the RFC 5746 implementation and JRE5u26 below doesn't have it, so the two are incompatible. Unfortunately, 5u22 is the latest freely available Java 5 version. So I want to know if it is possible to have SSL client authentication without SSL renegotiation.
Regards,
Litty Preeth
As per the redhat site https://access.redhat.com/kb/docs/DOC-20491#Renegotiations_disabled_in_Apache_Tomcat :
Tomcat may ask the client to renegotiate in certain configurations using client certificate authentication, for example, configurations where:
A client certificate is not required on the initial connection, such as when:
1. The clientAuth attribute of the HTTPS connector using JSSE is set to false. Or the SSLVerifyClient attribute of the HTTPS connector using OpenSSL is set to none.
AND
2. A web application specifies the CLIENT-CERT authentication method in the login-config section of the application's web.xml file.
So to avoid renegotiation in Tomcat, just make the whole site secure, and not just a part of it, by setting clientAuth="true" for SSL.
Hope this helps someone.
Regards,
Litty
