I chose the UnboundID LDAP SDK for Java. I deployed, somewhere in cloud, a Bastion server and a Microsoft Active Directory in the same network. If I run the LDAP client code on the Bastion server, it works. Now I want to run the code locally. For this, I installed the Squid on the Bastion and I configured it to allow everything. I start the Java application with -Dhttp.proxyHost, -Dhttp.proxyPort, -Dhttps.proxyHost and -Dhttps.proxyPort.
I use the following method:
LDAPConnection(String host, int port, String bindDN, String password).
Using this approach doesn't work for me. I don't see the requests that are forwarded to the Squid proxy. I want to achieve this for developing purposes. I am new to this library.
Question: Does anybody achieved this before? Is it possible?
It won't work. I am not aware of any open source LDAP client in Java or C which will utilize CONNECT to tunnel through an HTTP proxy. Especially as soon as you will use certs or Kerberos your jump server will not work.
So i have my site on hosting company, and this company support let encrypt certificate, so i generated it and now the site is running with https protocol.My server side(spring boot application web service oriented started on VPS) for this site is on another company. My questions are:
How can i use this generated certificate on my server side part,
is it possible, what should i do?
What i need to provide to the server, and all things that are needed the server to work?
When i was without the certificate everything worked perfect, but right now on the server side i get
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
and in the browser i get
net::ERR_SSL_PROTOCOL_ERROR,
when I`m trying the get resources from server.
From the hosting company i can get everything connected to the certificate
It seems that you are passing HTTPs traffic to web server which "talks" in plain HTTP.
Normally SSL termination is done on software like Apache HTTPD or Nginx.
Then you configure it to act as reverse proxy to your actual Spring boot application running in JVM.
You can also configure your JVM webserver (Jetty,Tomcat .. whatever you have) to use your Let's encrypt certificate, but I have doubt that certbot will be able to easily renew them.
Just a quick question, can I use SSL in html5 with websockets to communicate with my java server that is using SSLSockets?
I have been trying to connect using another java client using ssl sockets, which works, but I have not tried to do it through html5. Is it even possible?
For the record, I am using github pages to host my server, and I have a custom domain provided by Namecheap and an SSL certificate from Comodo.
Is it even possible to communicate between java and html5 using SSL?
WebSockets are not the same as "normal" TCP sockets but instead a protocol layer on top of TCP. And thus WebSockets over SSL can not communicate directly with SSLSockets. To communicate with WebSockets (with or without SSL) you would need a library implementing the WebSocket protocol.
I have a Java application which communicates with a Server and exchanges short messages over SMPP connection over TCP/IP. I want to add SSL security to make the short messages secured. I am using JSMPP (Java implementation of SMPP). I want answers to following points:
Where should I add SSL certificates in the application running machine (client)? Probably I should add them to JVM. Please confirm.
I have server implementation on another machine in java which run and waits for TCP/IP connection. Where should I add the certificates on server machine ?
Do I need to change the code or the JVM will add security to the existing code ?
Where can I find a free trial SSL certificates ?
I am using Java 1.6 and JSMPP 2.1.0
Thanks
Where should I add SSL certificates in the application running machine (client)?
Probably I should add them to JVM. Please confirm.
I have server implementation on another machine in java which run and waits for TCP/IP connection. Where should I add the certificates on server machine ?
You need to generate SSL certificates by your own for your server at server side only.
Store SSL certificates at server side Java directory.
Do I need to change the code or the JVM will add security to the existing code ?
code should be changed as you will have to connect to secured server (https) and import certificates accordingly.
Where can I find a free trial SSL certificates ?
As said in 1st answer, you need to generate certificate by your own and should no rely on free SSL certificates. (I doubt even you can find and import free certificates for your site).
You can use StartSSL to generate free SSL certificates:
https://www.startssl.com/
Environment: NetBeans 7.0.1, GlassFish 3.1
I want to sniff the communication between a WCF (.NET Framework 4) client and a Metro (2.1.1) web service, and then check the messages to be sure everything is how I want it to be. The web service uses Transport Security (SSL). I already know of Fiddler, but I did not have any success using it; only HTTPS browser traffic was visible. Is there a way to set up Fiddler to capture traffic between my services? Is there any other way?
UPDATE
I tried to start client and server on different machines and then use Fiddler, but no success. I tried Wireshark to capture traffic, but did not have any success running both on localhost. If i tried them on different machines, all I could see was TCP data exchange between the services.
On localhost + Wireshark, the packet counter next to the interfaces remained the same however I was calling the service lots of times.
UPDATE2
Tried to set up the proxy for NetBeans manually in the options, and programatically, but no success:
System.setProperty("http.proxyHost", "localhost");
System.setProperty("http.proxyPort", "8888");
System.setProperty("https.proxyHost", "localhost");
System.setProperty("https.proxyPort", "8888");
Tried to start GlassFish with these JVM options, but no :( :
<jvm-options>-Dhttp.proxyHost=localhost</jvm-options>
<jvm-options>-Dhttp.proxyPort=8888</jvm-options>
<jvm-options>-Dhttps.proxyHost=localhost</jvm-options>
<jvm-options>-Dhttps.proxyPort=8888</jvm-options>
As an alternative to Fiddler, if you control the WCF client, you could enable WCF Message Logging, and it will save all the unencrypted SOAP messages to a trace log. The logging can be enabled in the app.config file, so you don't even have to rebuild the app to enable or disable the logging.
you can setup metro to dump SOAP messages, info here. personally, i use charles proxy to watch soap exchanges. you configure the java proxy using the system properties in your "update2", works very well.
Use http://portswigger.net/burp/
It has a proxy. The proxy can be used for viewing the http traffic. It can also display SSL traffic by generating self signed certificate on the fly. You need to import the generated certificate into the java key store at the jax-ws client. Ensure that you have enabled "Support invisible proxy for non-proxy aware clients"
I often use commview to monitor traffic over the local loopback adapter. One of the few tools allowing traffic capture when both your client and service are on the same computer.
You can download a trail at http://www.tamos.com/products/commview/ and see if it works for you.
May be WebScarab is what you need. There are many manuals for sniffing ssl traffic, for instance that.
One approach I've tried successfully, is to make sure SSLv2 is used (as opposed to SSLv3), and then use Wireshark as described on the SSL page on the Wikishark Wiki, but better on Citrix support page "How to decrypt SSL and TLS traffic using Wireshark ". This works by giving Wireshark the private key of the server's SSL certificate, so that it can decrypt the conversation.
To force SSLv2 in your scenario, it seems sufficient to set -Dhttps.protocols=SSLv2Hello on your server-side JVM, but I googled that together. (See, e.g., the "Why do I get a javax.net.ssl.SSLException" question on the Java 1.4.2 Troubleshooting page, and the part on https.protocols in the JavaTM Secure Socket Extension (JSSE) Reference Guide.) I haven't done this part myself, and I can't seem to find clear documentation on this point.
(P.S. In my case, when I was decrypting .NET-to-.NET SSL traffic, I thought it was the switch back to SSLv2 which made the traffic readable by Wireshark. However, this blog post suggests that I was switching at the same time from a Diffie-Hellman cipher to a non-DH one.)