Client settings
Hi Experts
I am new to security topics.
My requirement is that I have to connect to the server using an https connection. I got the certificate (.cer) and copied it to my local drive. Following is the client code in my Java program. Please help me with how to use the certificate to connect to the server.
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

try
{
    String query = "test message";
    String server = "https://servername:port/testComp";
    URL ur = new URL(server);
    HttpsURLConnection sk = (HttpsURLConnection) ur.openConnection();
    sk.setRequestMethod("POST");
    sk.setDoInput(true);
    sk.setDoOutput(true);
    sk.connect();
    System.out.println("connected");
    // send the request body
    DataOutputStream dou = new DataOutputStream(sk.getOutputStream());
    dou.writeBytes(query);
    dou.flush();
    dou.close();
    // print every non-blank line of the response
    BufferedReader inp = new BufferedReader(new InputStreamReader(sk.getInputStream()));
    String tmp = new String("");
    while( (tmp = inp.readLine()) != null)
    {
        tmp = tmp.trim();
        if( tmp.equals(""))
            continue;
        else
            System.out.println(tmp);
    }
}
catch(Exception ex)
{
    System.out.println("got the exception" +ex.toString());
}
} // end of the enclosing method (not shown)
Currently I am getting HandShake errors because I am not using this certificate properly. I appreciate any help on this.
First you have to import the public key into your cacerts under %JAVA_HOME%/jre/lib/security/cacerts. You can either put it in there or create your own keystore to use in the code.
Now say your .cer file name is cert1.cer; use the keytool to import the public key into the keystore.
keytool -import -trustcacerts -alias [your alias] -keypass [changeit] -file [cert1.cer] -keystore [cacerts path]
You should have the keytool utility in your %JAVA_HOME%/bin folder.
Now that you have the key in your truststore, add the following code to your existing code before creating the HttpsURLConnection.
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.trustStore", cacerts_path);
System.setProperty("javax.net.ssl.keyStorePassword", cacerts_pwd);
com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String urlHost, String certHost) {
return true;
}
});
// setup the JSSE handler for the connection
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Hope this helps,
Thanks,
Rumpa Giri
rgiria at 2007-7-13 19:12:48 >

> System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Unnecessary since JDK 1.4.
> System.setProperty("javax.net.ssl.trustStore", cacerts_path);
> System.setProperty("javax.net.ssl.keyStorePassword", cacerts_pwd);
Both unnecessary if cacerts is in the normal place, but it should have been javax.net.ssl.trustStorePassword.
> com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
> public boolean verify(String urlHost, String certHost) {
>
> return true;
> }
> });
>
> // setup the JSSE handler for the connection
> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Unnecessary since JDK 1.4.
ejpa at 2007-7-13 19:12:48 >

Thanks for the correction.
One question: when using Tomcat, placing the public key for the .cer file in the cacerts under %JAVA_HOME%/jre/lib/security/cacerts should work properly, right? Provided %JAVA_HOME% is defined in the environment variables, Tomcat will be able to find it.
This is a lot cleaner!
Thanks again,
Rumpa Giri
rgiria at 2007-7-13 19:12:48 >

I would have thought so, but Tomcat is another world ...
ejpa at 2007-7-13 19:12:48 >

Thanks to both of you for your responses. I did the same and it works from my local machine to the local server.
But I am getting an error when I try to connect from the local system to the server machine (actual test).
It's connecting to the server; after connecting I am reading the response using the following code:
BufferedReader inp = new BufferedReader(new InputStreamReader(sk.getInputStream()));
Here I am getting the error (500) as follows:
java.io.IOException: Server returned HTTP response code: 500 for URL: https://servername:port/
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:800)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA12275)
at com.iphis.util.IphisHTTP.readMessage(IphisHTTP.java:97)
at com.iphis.backend.application.Publisher.Publish(IPublisher.java:134)
at com.iphis.backend.application.Publisher.Publish(IPublisher.java:134
I found this link on the forums and it did not work for me.
http://forums.devarticles.com/java-development-38/javax-net-ssl-sslhandshakeexception-received-fatal-alert-handshake-failure-11809.html
Please help with this.
SV
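An added example, not code from any poster in this thread: a client that trusts only the supplied .cer through its own in-memory truststore instead of editing cacerts or setting system properties, and that leaves the default hostname check in place rather than installing a verifier that returns true. It also reads the error stream on a 4xx/5xx reply, which relates to the 500 report above: receiving any HTTP status means the TLS handshake already succeeded. The class name PinnedTrustClient and the two command-line arguments (certificate path, URL) are assumptions made for the example.

```java
import java.io.*;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.*;

public class PinnedTrustClient {
    // Build an SSLContext whose only trusted entry is the certificate in certPath.
    static SSLContext contextFor(String certPath) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                    // empty in-memory store, no file, no password
        ks.setCertificateEntry("server", cert); // alias is arbitrary
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .cer file (e.g. cert1.cer), args[1]: the https URL
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        // Scope the trust decision to this connection only; JVM-wide defaults are untouched.
        conn.setSSLSocketFactory(contextFor(args[0]).getSocketFactory());
        // No HostnameVerifier is set, so the built-in host name check still applies.
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write("test message".getBytes(StandardCharsets.UTF_8));
        }
        int status = conn.getResponseCode();
        // getInputStream() throws on 4xx/5xx; the server's explanation is in the error stream.
        InputStream body = status >= 400 ? conn.getErrorStream() : conn.getInputStream();
        System.out.println("HTTP " + status);
        if (body == null) return;
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(body, StandardCharsets.UTF_8))) {
            for (String line; (line = r.readLine()) != null; ) System.out.println(line);
        }
    }
}
```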
