problem with RMI with SSL

Hi everyone.

I wrote a server in RMI which is secured with SSL.

When I run the program I receive a lot of exceptions.

I'm a bit of a novice so I need some explanation.

The code where I create the SSL socket is:

import java.io.FileInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.net.ServerSocket;
import java.rmi.server.RMIServerSocketFactory;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class RMISSLServerSocketFactory
    implements RMIServerSocketFactory, Serializable
{
    protected static final String STORENAME = "server.private";
    protected static final String PASSPHRASE = "serverpw";

    public ServerSocket createServerSocket(int port)
        throws IOException
    {
        System.out.println("===========\nInside Server.createServerSocket()\n");

        SSLServerSocketFactory ssf = null;
        try {
            // set up key manager to do server authentication
            SSLContext ctx;
            KeyManagerFactory kmf;
            KeyStore ks;
            char[] passphrase = PASSPHRASE.toCharArray();

            ctx = SSLContext.getInstance("TLS");
            kmf = KeyManagerFactory.getInstance("SunX509");
            ks = KeyStore.getInstance("JKS");
            // load the server's own private key and certificate from server.private
            try (FileInputStream in = new FileInputStream(STORENAME)) {
                ks.load(in, passphrase);
            }
            kmf.init(ks, passphrase);
            // no TrustManager is passed (null), so the JDK default truststore is
            // what will be used to check the client's certificate
            ctx.init(kmf.getKeyManagers(), null, null);
            ssf = ctx.getServerSocketFactory();
        } catch (Exception e) {
            System.out.println("RMISSLServerSocketFactory.createServerSocket(): " +
                               "Exception : " + e.getMessage());
            e.printStackTrace();
            // rethrow: carrying on with ssf == null would only hide the real
            // error behind a NullPointerException on the next line
            throw new IOException("cannot set up SSL server socket factory", e);
        }

        // bind the port RMI asked for rather than a hard-coded 3000
        ServerSocket ss = ssf.createServerSocket(port);
        // require client authentication
        ((SSLServerSocket) ss).setNeedClientAuth(true);
        return ss;
    }
}

and when I compile the server itself I get a lot of exceptions.

Can anyone help me?

[2748 byte] By [RMI_SSLa] at [2007-11-27 7:04:09]
# 1
Unless you tell us what the exception(s) is/are it is impossible for anybody to help you.
ejpa at 2007-7-12 18:55:25
# 2

Sorry.

The problem I have is when I need to connect the client to the server with SSL security.

I have the following exception:

java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
    at sun.rmi.server.UnicastRef.newCall(Unknown Source)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at HelloClient.main(HelloClient.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    at java.io.BufferedOutputStream.flush(Unknown Source)
    at java.io.DataOutputStream.flush(Unknown Source)
    ... 5 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    ... 12 more

Thanks a lot

RMI_SSLa at 2007-7-12 18:55:25
# 3
This could mean that the server isn't talking SSL. Can you run it again with -Djavax.net.debug=ssl,handshake set and show the results here?
ejpa at 2007-7-12 18:55:25
# 4

Hi,

Sorry to disturb you.

I did what you asked me to do and I received the following:

Network, L=Salt Lake City, ST=UT, C=US
  Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
  Valid from Fri Jul 09 21:31:20 IDT 1999 until Tue Jul 09 21:40:36 IDT 2019
adding as trusted cert:
  Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Sat Jun 26 03:19:54 IDT 1999 until Wed Jun 26 03:19:54 IDT 2019
adding as trusted cert:
  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 13:38:31 IDT 2000 until Sat May 30 13:38:31 IDT 2020
adding as trusted cert:
  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Aug 01 03:00:00 IDT 1996 until Fri Jan 01 01:59:59 IST 2021
adding as trusted cert:
  Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
  Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
  Algorithm: RSA; Serial number: 0x380391ee
  Valid from Tue Oct 12 21:24:30 IST 1999 until Sat Oct 12 21:54:30 IST 2019
adding as trusted cert:
  Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
  Valid from Thu Jun 24 21:57:21 IDT 1999 until Mon Jun 24 22:06:30 IDT 2019
adding as trusted cert:
  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
  Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
  Algorithm: RSA; Serial number: 0x1d
  Valid from Fri Apr 06 09:29:40 IST 2001 until Tue Apr 06 10:29:40 IDT 2021
adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Fri Oct 01 02:00:00 IST 1999 until Thu Jul 17 02:59:59 IDT 2036
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1181751989 bytes = { 227, 27, 143, 236, 149, 47, 223, 150, 155, 72, 230, 217, 75, 166, 138, 167, 25, 83, 202, 162, 8, 154, 69, 220, 3, 65, 187, 71 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 6937
*** ServerHello, TLSv1
RandomCookie: GMT: 1181751989 bytes = { 216, ... [remaining bytes are interleaved with the RenewClean thread's output in the capture] }
Session ID: {70, 112, 27, 181, 249, 229, 86, 144, 164, 228, 16, 156, 126, 109, 74, 62, 205, 130, 91, 118, 242, 108, 43, 229, 124, 48, 1, 23, 42, 42, 60, 33}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key: Sun RSA public key, 1024 bits
  modulus: 102213426381874292372231362648396601959543773380648294062752549780469
           69290627869444351157446620916554725883074319983110876648053847391048421834799126
           16361301291981634113359018091110799952511350298727958438093648416813499334828160
           47213318405150255647569489886741889958387356898340983401229272345862797531642073
  public exponent: 65537
  Validity: [From: Wed Jun 13 19:13:56 IDT 2007,
               To: Tue Sep 11 19:13:56 IDT 2007]
  Issuer: CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country
  SerialNumber: [467017c4]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 65 F8 77 60 DC 90 FB BF   BA D6 5C 73 AF E0 AA 1F  e.w`......\s....
0010: 82 6F A1 C9 F6 7E 4F 5F   F9 63 C3 84 20 32 BA 21  .o....O_.c.. 2.!
0020: A8 8A 4A 98 22 E6 7C 1B   5C E7 66 9A 0C 51 8B 62  ..J."...\.f..Q.b
0030: CA 08 0D 14 CD 56 9B 02   C4 1F 15 3C 25 87 F9 BC  .....V.....<%...
0040: 15 08 C0 E5 6C 79 3E 26   7C BF BF 85 92 72 27 60  ....ly>&.....r'`
0050: 0D 97 F8 6B 8B 51 70 11   50 22 93 A7 1A 55 CD D2  ...k.Qp.P"...U..
0060: AA EF 4A DD C6 C5 BC AD   CB 77 E4 AA 11 BF F8 12  ..J......w......
0070: 20 32 73 3C 68 0B 67 41   9F 44 5E 84 DA F1 0E 6F   2s<h.gA.D^....o

]
***
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

(The RMI RenewClean thread opens a second connection at the same time; its output, interleaved with the above in the capture, is the same handshake and the same rejection:)

%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1181751989 bytes = { [bytes interleaved with the main thread's output in the capture] }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
RMI RenewClean-[192.168.1.5:1619,RMISSLClientSocketFactory@82c01f], WRITE: TLSv1 Handshake, length = 73
RMI RenewClean-[192.168.1.5:1619,RMISSLClientSocketFactory@82c01f], WRITE: SSLv2 client hello message, length = 98
RMI RenewClean-[192.168.1.5:1619,RMISSLClientSocketFactory@82c01f], READ: TLSv1 Handshake, length = 6937
*** ServerHello, TLSv1
RandomCookie: GMT: 1181751989 bytes = { 147, 214, 252, 135, 219, 52, 94, 224, 180, 195, 194, 113, 169, 14, 190, 222, 34, 137, 106, 224, 229, 100, 126, 51, 38, 105, 109, 144 }
Session ID: {70, 112, 27, 181, 14, 159, 217, 239, 146, 161, 194, 48, 254, 98, 69, 114, 112, 249, 146, 8, 115, 60, 210, 65, 109, 104, 193, 128, 183, 120, 193, 182}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-3, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [ (the same self-signed CN=Your Name certificate shown above) ]
***
RMI RenewClean-[192.168.1.5:1619,RMISSLClientSocketFactory@82c01f], SEND TLSv1 ALERT: fatal, description = certificate_unknown
RMI RenewClean-[192.168.1.5:1619,RMISSLClientSocketFactory@82c01f], WRITE: TLSv1 Alert, length = 2
RMI RenewClean-[192.168.1.5:1619,RMISSLClientSocketFactory@82c01f], called closeSocket()
RMI RenewClean-[192.168.1.5:1619,RMISSLClientSocketFactory@82c01f], handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
    at sun.rmi.server.UnicastRef.invoke(Unknown Source)
    at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(Unknown Source)
    at java.rmi.server.RemoteObjectInvocationHandler.invoke(Unknown Source)
    at $Proxy0.sayHello(Unknown Source)
    at HelloClient.<init>(HelloClient.java:37)
    at HelloClient.main(HelloClient.java:82)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    at java.io.BufferedOutputStream.flush(Unknown Source)
    at java.io.DataOutputStream.flush(Unknown Source)
    ... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 19 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 25 more

Thank you for your help, you really help me.

RMI_SSLa at 2007-7-12 18:55:25
# 5
The client doesn't trust the server's certificate. You have to export the server certificate from the server keystore and import it into the client's truststore. As you are using needClientAuth=true you also have to do the reverse.
ejpa at 2007-7-12 18:55:25
# 6
Hi, I tried but it's not working yet. Can I send you all my files by mail so you can take a look at them? Sorry to disturb you. Thanks a lot.
RMI_SSLa at 2007-7-12 18:55:25
# 7
No you may not do any such thing. In any case it has nothing to do with your code. You have to carry out the operational steps I described, using the keytool. See the Javadoc/Guide to Features/Security/JSSE Reference Guide.
ejpa at 2007-7-12 18:55:25
# 8
Ok. I built the right certificate for both client and server, and I exported what I had to. It's not working yet. Can you please send me links to examples using RMI with SSL which implement everything I have to do? I can't find such links. Thanks a lot.
RMI_SSLa at 2007-7-12 18:55:25
# 9
It's not working how? After doing exactly what? There are examples linked from the reference I gave you, and Google is still up as far as I know, although beware of anything that doesn't come from Sun - there's a lot of misinformation out there.
ejpa at 2007-7-12 18:55:25
# 10

Ok.

Let's start from the beginning.

The server runs correctly with the certificate.

My problem is when a client tries to connect to the server.

Here I give you the client code:

HelloClient.java

import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;

public class HelloClient {

    public static void main(String args[]) throws Exception {
        // Get reference to the RMI registry running on port 3000 in the local host,
        // going through the SSL client socket factory (the registry on the server
        // side must have been created with the matching SSL server socket factory)
        Registry registry = LocateRegistry.getRegistry(null, 3000, new RMISSLClientSocketFactory());

        // Lookup the remote reference bound to the name "HelloServer"
        // (Hello is the remote interface; it is not shown in this post)
        Hello obj = (Hello) registry.lookup("HelloServer");

        String message = obj.sayHello();
        System.out.println(message);
    }
}

and here is RMISSLClientSocketFactory.java

import java.io.FileInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class RMISSLClientSocketFactory
    implements RMIClientSocketFactory, Serializable
{
    protected static final String STORENAME = "client.private";
    protected static final String PASSPHRASE = "clientpw";

    public Socket createSocket(String host, int port)
        throws IOException
    {
        System.out.println("================\nInsideClient.createSocket()\n");

        // Use these two lines if no client auth is required by server
        //SSLSocketFactory factory =
        //    (SSLSocketFactory) SSLSocketFactory.getDefault();

        SSLSocketFactory factory = null;
        try {
            // set up key manager to do server authentication
            // (what the key manager really does is supply the client's own key
            // and certificate; the server's certificate is checked by a
            // TrustManager, and none is configured here, so the JDK default
            // truststore is what the server certificate gets checked against)
            SSLContext ctx;
            KeyManagerFactory kmf;
            KeyStore ks;
            char[] passphrase = PASSPHRASE.toCharArray();

            ctx = SSLContext.getInstance("TLS");
            kmf = KeyManagerFactory.getInstance("SunX509");
            ks = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(STORENAME)) {
                ks.load(in, passphrase);
            }
            kmf.init(ks, passphrase);
            ctx.init(kmf.getKeyManagers(), null, null);
            factory = ctx.getSocketFactory();
        } catch (Exception e) {
            System.out.println("RMISSLClientSocketFactory.createSocket(): " +
                               "Exception : " + e.getMessage());
            e.printStackTrace();
            // rethrow: carrying on with factory == null would only hide the
            // real error behind a NullPointerException on the next line
            throw new IOException("cannot set up SSL socket factory", e);
        }

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        return socket;
    }
}

I put the certificate where I had to and I receive the following exception:

C:\Documents and Settings\lenovo\Desktop\4\Client>java HelloClient
================
InsideClient.createSocket()

Exception in thread "main" java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
    at sun.rmi.server.UnicastRef.newCall(Unknown Source)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at HelloClient.main(HelloClient.java:29)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    at java.io.BufferedOutputStream.flush(Unknown Source)
    at java.io.DataOutputStream.flush(Unknown Source)
    ... 5 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    ... 12 more

Thanks a lot for your help.

RMI_SSLa at 2007-7-12 18:55:25
# 11

Well a key manager doesn't 'do server authentication', and you haven't set up a truststore, which does do that, but you can get rid of all that SSLContext-related code and just set the following system properties as described in the document I pointed you at:

javax.net.ssl.keyStore

javax.net.ssl.keyStorePassword

javax.net.ssl.trustStore

and then use the default SSLSocketFactory.

ejpa at 2007-7-12 18:55:25
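The advice in replies #3, #5 and #11 put together as one worked example. This is added code, not code from the original thread or from Sun's RMI/JSSE examples: the keytool trust exchange from #5 (each side's certificate imported into the other side's truststore), the javax.net.ssl.* system-property configuration from #11 with socket factories that just use the JSSE default factories, and a small handshake diagnostic that maps the two failure messages seen in this thread back to the store that needs fixing. The keystore names and passwords (server.private/serverpw, client.private/clientpw) are the thread's; the truststore file names, the certificate aliases, the -dname values and the class name DefaultSslRmiFactories are my assumptions.

```java
// Added example, not code from the original thread. Keystore names and
// passwords follow the thread; truststore names, aliases, -dname values
// and the class name are assumptions.
//
// 1. One-time trust exchange with keytool (reply #5): each side gets its own
//    key pair, and each side's certificate goes into the OTHER side's truststore.
//   keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 -dname "CN=rmi-server" -keystore server.private -storepass serverpw -keypass serverpw
//   keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 -dname "CN=rmi-client" -keystore client.private -storepass clientpw -keypass clientpw
//   keytool -exportcert -alias server -keystore server.private -storepass serverpw -rfc -file server.cer
//   keytool -exportcert -alias client -keystore client.private -storepass clientpw -rfc -file client.cer
//   keytool -importcert -noprompt -alias server -file server.cer -keystore client.truststore -storepass clientpw
//   keytool -importcert -noprompt -alias client -file client.cer -keystore server.truststore -storepass serverpw
//
// 2. Point JSSE at the stores (reply #11); the default factories read these
//    properties, so no SSLContext code is needed. Add -Djavax.net.debug=ssl,handshake
//    to either JVM to watch the handshake (reply #3).
//   java -Djavax.net.ssl.keyStore=server.private -Djavax.net.ssl.keyStorePassword=serverpw -Djavax.net.ssl.trustStore=server.truststore -Djavax.net.ssl.trustStorePassword=serverpw HelloServer
//   java -Djavax.net.ssl.keyStore=client.private -Djavax.net.ssl.keyStorePassword=clientpw -Djavax.net.ssl.trustStore=client.truststore -Djavax.net.ssl.trustStorePassword=clientpw HelloClient

import java.io.IOException;
import java.io.Serializable;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class DefaultSslRmiFactories {

    /** Server side: the default factory is built from the javax.net.ssl.* properties. */
    public static class ServerFactory implements RMIServerSocketFactory, Serializable {
        private static final long serialVersionUID = 1L;

        @Override
        public ServerSocket createServerSocket(int port) throws IOException {
            // bind the port RMI asks for (the thread's factory hard-coded 3000)
            SSLServerSocket ss = (SSLServerSocket)
                    SSLServerSocketFactory.getDefault().createServerSocket(port);
            // mutual auth: a client whose certificate does not chain to an entry
            // in server.truststore is rejected during the handshake
            ss.setNeedClientAuth(true);
            return ss;
        }

        // RMI compares factories to decide whether exports can share a listening
        // socket; without equals/hashCode every export opens a new one
        @Override public boolean equals(Object o) { return o instanceof ServerFactory; }
        @Override public int hashCode() { return ServerFactory.class.hashCode(); }
    }

    /** Client side: the default factory already carries the client key and truststore. */
    public static class ClientFactory implements RMIClientSocketFactory, Serializable {
        private static final long serialVersionUID = 1L;

        @Override
        public Socket createSocket(String host, int port) throws IOException {
            return SSLSocketFactory.getDefault().createSocket(host, port);
        }

        @Override public boolean equals(Object o) { return o instanceof ClientFactory; }
        @Override public int hashCode() { return ClientFactory.class.hashCode(); }
    }

    /** Dial host:port with the ClientFactory, force the handshake, report the outcome. */
    public static String handshakeReport(String host, int port) {
        try (SSLSocket s = (SSLSocket) new ClientFactory().createSocket(host, port)) {
            s.startHandshake();
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            return "OK " + s.getSession().getProtocol() + " " + s.getSession().getCipherSuite()
                    + " peer=" + leaf.getSubjectX500Principal();
        } catch (SSLHandshakeException e) {
            return classify(e.getMessage());
        } catch (IOException e) {
            return "connect failed: " + e;
        }
    }

    /** Map the two failure signatures seen in this thread to the store that needs fixing. */
    public static String classify(String message) {
        String m = message == null ? "" : message;
        if (m.contains("PKIX path building failed")) {
            // the client rejected the server cert: server.cer is not in client.truststore
            return "client does not trust the server certificate; import server.cer into client.truststore";
        }
        if (m.contains("Remote host closed connection during handshake")) {
            // the server side gave up; with needClientAuth=true the usual cause is a client
            // cert missing from server.truststore, or no client key configured at all
            return "server aborted the handshake; check that client.cer is in server.truststore "
                    + "and that the client JVM has javax.net.ssl.keyStore set";
        }
        return "handshake failed: " + m;
    }

    // usage: java -Djavax.net.ssl.keyStore=client.private ... DefaultSslRmiFactories localhost 3000
    public static void main(String[] args) {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 3000;
        System.out.println(handshakeReport(host, port));
    }
}
```

Two caveats worth knowing before copying this. The default SSLSocketFactory does no hostname check: any certificate that chains to an entry in javax.net.ssl.trustStore is accepted for any host, which is fine when the truststore holds exactly the one peer certificate exchanged above, but it means javax.net.ssl.trustStore must never be pointed at the JDK's cacerts for this kind of private RMI link. And the certificate in the debug log above (1024-bit RSA, MD5withRSA) will be rejected outright by current JDKs' certificate path validation, so regenerate the key pairs with the keytool lines in the comments rather than reusing the thread's stores.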