I have ActiveMQ (JMS) and want to connect multiple clients.
To support SSL security in Java clients, Apache ActiveMQ provides ssl support.
ActiveMQ how-do-i-use-ssl. If you want to verify client certificates, you need to take extra work for every client.
Is a client certificate necessary?
Customers can install the clients themselves, so it is not possible for me to create a certificate for every client.
Is my client connection then secure?
Related
I am developing a java client with SSL. They are asking me to do one way SSL. Is one way way SSL to be implemented from client side or only from server side?
in one way SSL , the client verifies the server certificate, but not vice versa. In two way SSL client verifies the server certificate and the server verifies the client certificate.
I have server application which runs on local host and the client also runs on local host.
As of now I am using java.net.serversocket and any application which has the ip and port detail of server can listen to the port.
My requirement is to secure the ports or secure the communication between the server and client application such that only my application client (authorised) one can listen to the ports or connect to server application. The data sent to and from client and server also has to be secured.
Apologies if naming conventions are not correct. I have been searching for solution and couldn't get anything for this, all I got is how to connect and make application communicate using socket programming , but no where I got the answer as how to secure the communication.
What you need here is some sort of authentication method to authorise only your client to communicate with the server. If you are using an existing communication protocol then it might have a specification for authentication already. If you are using your own protocol then you'll have come up with your own design for authentication.
It could be as simple as the server issuing some sort of request for authentication to the client. The client would then have to provide a satisfactory response (eg a user/password) otherwise the server would close the connection.
I would recommend taking a look at how some other protocols (eg HTTP) handle authentication to get some insight and also understand potential pitfalls.
Is there a way to establish the SSL/TLS communication between a Java implementation and some other application? I want my implementation to craft and send the standard protocol communication messages (e.g. ClientHello etc.) and establish a secure connection to the external app by myself.
Just a quick question, can I use SSL in html5 with websockets to communicate with my java server that is using SSLSockets?
I have been trying to connect using another java client using ssl sockets, which works, but I have not tried to do it through html5. Is it even possible?
For the record, I am using github pages to host my server, and I have a custom domain provided by Namecheap and an SSL certificate from Comodo.
Is it even possible to communicate between java and html5 using SSL?
WebSockets are not the same as "normal" TCP sockets but instead a protocol layer on top of TCP. And thus WebSockets over SSL can not communicate directly with SSLSockets. To communicate with WebSockets (with or without SSL) you would need a library implementing the WebSocket protocol.
I am trying to insert a header on all HTTPS requests that passes my proxy server.
I read that HTTPS request headers can not be tampered with.
Is there any way that I can insert a header on HTTPS requests?
Only if the proxy is the endpoint of the TLS connection with the client (i.e. the proxy decrypts the requests). Otherwise it won't actually see any HTTP headers at all, just TCP sessions containing encrypted data.
It is common for a reverse proxy local to the web server(s) to terminate TLS connections for performance - the Web server can dedicate more resources to serving applications because it doesn't need to spend CPU cycles on de/encryption.
If you do this, your server certificate must identify the proxy server, not the web server. Otherwise clients will get a warning about the identity of the server differing from the certificate identity.
If you don't control or trust the infrastructure between the proxy and your server you could re-encrypt the ongoing requests.
Unless you are willing to terminate the SSL connection on your proxy, no you can't. This is one of the main goals of SSL. The data and that includes the headers are encrypted from the client to the server.
If you decide to terminate / intercept the SSL connection on your proxy, the clients will get a warning in their browsers. If you are in charge of all the browsers of all the clients you would be able to install a custom certificate and the clients wouldn't get warned anymore.