I am the maintainer (not programmer) of a Tomcat application which connects to a remote web server via HTTPS. I fear that the remote certificate is either not trusted or has an unknown algorithm. How can I check this?
I cannot find any traces in Tomcat logs (catalina, ...), and I have no idea how I could use keytool with it.
Is there a way I can do without writing a Java program, or is there a simple code snippet I can test with?
I think in the following link you could find something really close to what you need:
https://gist.github.com/4ndrej/4547029
Regards
You can enable ssl-debug on the java process:
Debugging SSL/TLS Connections
Basically add this to the tomcat CATALINA_OPTS
-Djavax.net.debug=all
Related
I chose the UnboundID LDAP SDK for Java. I deployed, somewhere in cloud, a Bastion server and a Microsoft Active Directory in the same network. If I run the LDAP client code on the Bastion server, it works. Now I want to run the code locally. For this, I installed the Squid on the Bastion and I configured it to allow everything. I start the Java application with -Dhttp.proxyHost, -Dhttp.proxyPort, -Dhttps.proxyHost and -Dhttps.proxyPort.
I use the following method:
LDAPConnection(String host, int port, String bindDN, String password).
Using this approach doesn't work for me. I don't see the requests that are forwarded to the Squid proxy. I want to achieve this for developing purposes. I am new to this library.
Question: Does anybody achieved this before? Is it possible?
It won't work. I am not aware of any open source LDAP client in Java or C which will utilize CONNECT to tunnel through an HTTP proxy. Especially as soon as you will use certs or Kerberos your jump server will not work.
So i have my site on hosting company, and this company support let encrypt certificate, so i generated it and now the site is running with https protocol.My server side(spring boot application web service oriented started on VPS) for this site is on another company. My questions are:
How can i use this generated certificate on my server side part,
is it possible, what should i do?
What i need to provide to the server, and all things that are needed the server to work?
When i was without the certificate everything worked perfect, but right now on the server side i get
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
and in the browser i get
net::ERR_SSL_PROTOCOL_ERROR,
when I`m trying the get resources from server.
From the hosting company i can get everything connected to the certificate
It seems that you are passing HTTPs traffic to web server which "talks" in plain HTTP.
Normally SSL termination is done on software like Apache HTTPD or Nginx.
Then you configure it to act as reverse proxy to your actual Spring boot application running in JVM.
You can also configure your JVM webserver (Jetty,Tomcat .. whatever you have) to use your Let's encrypt certificate, but I have doubt that certbot will be able to easily renew them.
We have a Java based application that connects to a web server to download a file. This Java based application is being invoked from within TIBCO which serves as a middleware. Recently, the web server is migrated to use Https certificate. So the URL would contain the Https protocol in it.
If we run the application as a standalone Java client, it works as long as I have imported the Https certificate into the Java keystore. We then moved the application onto TIBCO and installed the certificates onto the TIBCO BW. With this, we are still facing the login problems.
In the past we have noticed that we get a PEER Not Authenticated error message if the JRE cacerts keystore file is not imported with the web server certificate. But once we import it, it always worked fine. With TIBCO, we installed it in TIBCO BW. Still the issue persist.
We also have a JRE on that server where TIBCO is running. Are we expected to import the certificate into the JRE keystore as well?.
Really need your inputs as I am not familiar with TIBCO extensively. I am googling and exploring other ideas as we speak. But any pointers are definitely helpful.
thanks,
Pavan.
I am not familiar with the "peer not authenticated" error but if you wonder how to install SSL certificates in TIBCO BW, I suggest you have a look at the following tutorial (assuming you are working with BW 5.x):
https://tibcology.wordpress.com/2017/03/19/invoking-a-web-service-over-https-with-bw-5-x/
I'm trying to figure out how to debug my jar that is running remotely. Here is my scenario:
My .jar will be running from a VPS. This jar basically runs a server
for a game, so it also connects to a mysql db. I start the server with 3 .bat files that looks something like this:
set CLASSPATH=.;dist\aries.jar;dist\mina-core.jar;dist\slf4j-api.jar;dist\slf4j-jdk14.jar;dist\mysql-connector-java-bin.jar
java -Xmx500m -Dwzpath=wz\ -Djavax.net.ssl.keyStore=filename.keystore -Djavax.net.ssl.keyStorePassword=passwd -Djavax.net.ssl.trustStore=filename.keystore -Djavax.net.ssl.trustStorePassword=passwd net.world.WorldServer
pause
What I want to do is start the server on the vps like normal, but debugging the server on my local machine via Netbeans IDE. I don't know if this is possible because people will be connecting to the server (although, I will be debugging a test server which will only have me online).
Note: I have done a lot of searching before coming here and a lot of what I found had to do with using xdebug & php which has doesn't have much to do with my situation (I don't think)
-Thanks
There's a NetBeans FAQ page about this.
In brief:
Add the remote debugging options to your Java command. For example:
-Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=8888,suspend=n
Then, use the attach debugger option in NetBeans and select your server and the port you used above (8888). It's pretty much that easy.
You may want to think about network and firewall considerations, as you may have noticed there are no passwords involved, so anyone who can connect to the port can debug your app. This could be a big security risk. Your VPS provider probably has some tools to help with setting up a secure, private connection.
I have a Java application which communicates with a Server and exchanges short messages over SMPP connection over TCP/IP. I want to add SSL security to make the short messages secured. I am using JSMPP (Java implementation of SMPP). I want answers to following points:
Where should I add SSL certificates in the application running machine (client)? Probably I should add them to JVM. Please confirm.
I have server implementation on another machine in java which run and waits for TCP/IP connection. Where should I add the certificates on server machine ?
Do I need to change the code or the JVM will add security to the existing code ?
Where can I find a free trial SSL certificates ?
I am using Java 1.6 and JSMPP 2.1.0
Thanks
Where should I add SSL certificates in the application running machine (client)?
Probably I should add them to JVM. Please confirm.
I have server implementation on another machine in java which run and waits for TCP/IP connection. Where should I add the certificates on server machine ?
You need to generate SSL certificates by your own for your server at server side only.
Store SSL certificates at server side Java directory.
Do I need to change the code or the JVM will add security to the existing code ?
code should be changed as you will have to connect to secured server (https) and import certificates accordingly.
Where can I find a free trial SSL certificates ?
As said in 1st answer, you need to generate certificate by your own and should no rely on free SSL certificates. (I doubt even you can find and import free certificates for your site).
You can use StartSSL to generate free SSL certificates:
https://www.startssl.com/