I have a Java application which communicates with a Server and exchanges short messages over SMPP connection over TCP/IP. I want to add SSL security to make the short messages secured. I am using JSMPP (Java implementation of SMPP). I want answers to following points:
Where should I add SSL certificates in the application running machine (client)? Probably I should add them to JVM. Please confirm.
I have server implementation on another machine in java which run and waits for TCP/IP connection. Where should I add the certificates on server machine ?
Do I need to change the code or the JVM will add security to the existing code ?
Where can I find a free trial SSL certificates ?
I am using Java 1.6 and JSMPP 2.1.0
Thanks
Where should I add SSL certificates in the application running machine (client)?
Probably I should add them to JVM. Please confirm.
I have server implementation on another machine in java which run and waits for TCP/IP connection. Where should I add the certificates on server machine ?
You need to generate SSL certificates by your own for your server at server side only.
Store SSL certificates at server side Java directory.
Do I need to change the code or the JVM will add security to the existing code ?
code should be changed as you will have to connect to secured server (https) and import certificates accordingly.
Where can I find a free trial SSL certificates ?
As said in 1st answer, you need to generate certificate by your own and should no rely on free SSL certificates. (I doubt even you can find and import free certificates for your site).
You can use StartSSL to generate free SSL certificates:
https://www.startssl.com/
Related
I have a need to monitor certificates on various remote servers. I wondered if there is a way to do with in Java. I have seen examples for monitoring with HTTPSConnection but my remote servers do not support HTTPS connection. Has anybody tried any other method like using openssl with hostname and port
Thanks
Moses
My main objective is to maintain TLS on a secure website. I'm currently running ws on an https site, the "SSL Lock" in Chrome is appearing red/broken because I am using a non-authenticated source from an https website. I need to secure the WebSocket so that the SSL Lock is preserved.
I've been searching the web for an example of how to implement wss in Java (server) and JavaScript (client), but I can't seem to find anything that I can use. I've seen a few examples of how create an SSL Server (I do have the necessary certificates for a TLS/SSL connection), but I'm not sure how to translate this to wss.
If anyone could provide an example on how to use wss from Java, I would greatly appreciate it.
A secure websocket can use a standard SSL certificate for a web server. You could do this in, for example, Tomcat or use Apache with mod_proxy_wstunnel between the browser and you Java server.
I am the maintainer (not programmer) of a Tomcat application which connects to a remote web server via HTTPS. I fear that the remote certificate is either not trusted or has an unknown algorithm. How can I check this?
I cannot find any traces in Tomcat logs (catalina, ...), and I have no idea how I could use keytool with it.
Is there a way I can do without writing a Java program, or is there a simple code snippet I can test with?
I think in the following link you could find something really close to what you need:
https://gist.github.com/4ndrej/4547029
Regards
You can enable ssl-debug on the java process:
Debugging SSL/TLS Connections
Basically add this to the tomcat CATALINA_OPTS
-Djavax.net.debug=all
I have a situation and not sure if it has possible solution.
I have a Java Server with SSL Socket and certificates "A" & "B". I also have 2 types of clients - one with certificate "A" and another with certificate "B". However only one certificate is loaded on a server side and therefore either clients with cert. "A" can connect or only clients with cert. "B" can connect.
Is it possible to modify Java Server such that up on a connection from any client, it will determine which certificate is used ( A vs. B ) and use appropriate cert?
P.S: Please pardon my security ignorance.
Thank you.
Being able to use two server certificates on the same IP address and port is possible via the Server Name Indication (SNI) extension, which must be supported by the client and the server.
Java supports this on the client side since Java 7.
Unfortunately, this is not supported on the server side yet. This is planned for Java 8.
Meanwhile, if you do need SNI support on your server, you may be able to use another server to handle the SSL/TLS connection and forward the plain text connection to your application. Typically, this can be done with Apache Httpd (with a reverse proxy) for HTTP(S).
Alternatively, it looks like the HTTPS-SNI-Proxy project may be more flexible for other protocols (despite having HTTPS in its name). I haven't tried it, but according to its README, it looks for the SNI extension in the initial Client Hello and then forwards the entire SSL/TLS connection (without deciphering it) to another server, depending on what is configured. In your example, you would have to set up two SSLServerSockets on distinct ports (not the one you really want to listen to) and forward connections from this tool to either port depending on what the client requests with its SNI extension.
I have a java application that runs on client machines that receives ajax requests from web applications. Some of these web applications that would like to use the service are served only under https.
I have the java app now accepting and handling SSL requests just fine, but I must first navigate to the server in a browser and accept the cert.
What is the best method of having a 'real cert' installed as part of this java app that listens on https://localhost:my_port?
On windows, it seems I can have an installer add a self signed cert to the machines accepted list. I had also thought about getting a verified cert for thisApp.myDomain.com and then changing host files to point that address to 127.0.0.1, but changing host files seems malicious and I worry about that being picked up by anti-virus.
The 'main' application is a web based system. Some users of this web based system would like to be able to print to special printers on designated computers. The java app is to be installed on those computers, the web application then sends ajax requests to the java app, which interacts with the printers. End users need to be able to install this java service with an easy, one-click type of installer. The web app is run from a browser on the machines doing the printing, hence localhost.
As stated earlier, the web apps need to connect to the web server (currently residing with amazon) via https. The connection to the localhost print server does not need to be https for any reason other than Chrome complains about insecure content, and chrome is currently the most widely used browser by our users.
Any thoughts or suggestions?
If by "real" cert, you mean one that signed by a trusted CA, then I think that the answer is that you probably can't. I don't think a trusted CA will issue one for you.
The answer I linked to above suggests that you set up your own CA by getting a CA cert. The other alternatives are a self-signed cert for 127.0.0.1, or tweaking your DNS resolution (e.g. via the client machines' "hosts" files) so that some name with a valid cert resolves to a loopback address on your client machines.
BTW - turning off certificate verification is not the way to go. It is better to add a self-signed certificate to the trusted cert list of (for instance) the user's browser.
If I was in your situation, I think I'd change whatever it is that requires HTTPS for requests on 127.0.0.1. Either don't require HTTPS for the requests, or change the IP address to the client's own IP address.
I try to install self signet certificate on client machine - but fails. Don't remember what was the issue. So I turn off verification for certificate in client code.
You can read about it here.