Secure socket tomcat / Websphere
For posting documents to a secure socket we created a secure socket client with a core like this:
    SSLContext ctx;
    KeyManagerFactory kmf;
    KeyStore ks;
    try {
        ctx = SSLContext.getInstance("TLS");
        kmf = KeyManagerFactory.getInstance("SunX509");
        ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(jksLocation), jksPasswrd.toCharArray());
        kmf.init(ks, jksKeypassword.toCharArray());
        ctx.init(kmf.getKeyManagers(), null, null);
        factory = ctx.getSocketFactory();
    }
This works fine under Tomcat. Now we have ported the application to Websphere Application Server and got a "SunX509 exception", so we changed to
    kmf = KeyManagerFactory.getInstance("IbmX509");
And now we get a 'certificate expired' exception, while the certificate in the keystore is definitely not expired.
Any ideas?
Thanks in advance
By Freyaa at 2007-10-3 11:40:20

I would change that to
    kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    ks = KeyStore.getInstance(KeyStore.getDefaultType());
then you'll never have the first problem again.
Turn on the SSL debug tracing to see which certificate it is complaining about.
ejpa at 2007-7-15 14:09:33

Thank you for the tip, didn't think about KeyManagerFactory.getDefaultAlgorithm()!
I got it working: I added the server certificate to the keystore and used this as a truststore:
    ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(jksLocation), jksPasswrd.toCharArray());
    kmf = KeyManagerFactory.getInstance(Globals.SSL_IMPL);
    kmf.init(ks, jksKeypassword.toCharArray());
    TrustManager[] tm;
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(Globals.SSL_IMPL);
    tmf.init(ks);
    tm = tmf.getTrustManagers();
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(kmf.getKeyManagers(), tm, null);
It's strange this isn't needed on a Tomcat.
Freyaa at 2007-7-15 14:09:33
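
An added example, not code from any poster in this thread: it combines the two suggestions above (default algorithm names, explicit trust managers) and lists every certificate in the keystore with its expiry, chain certificates included, to show which one a "certificate expired" error refers to. The class name, method names and command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;
import javax.net.ssl.*;

public class PortableSslContext {
    // List every X.509 certificate (chains included) with its expiry, and count
    // those outside their validity window: the ones a handshake would reject.
    static int reportValidity(KeyStore ks) throws Exception {
        int bad = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // null for trusted-cert entries
            if (chain == null) chain = new Certificate[] { ks.getCertificate(alias) };
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                String state = "valid";
                try {
                    x.checkValidity();
                } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                    state = "OUTSIDE VALIDITY WINDOW";
                    bad++;
                }
                System.out.println(alias + " | " + x.getSubjectX500Principal()
                        + " | expires " + x.getNotAfter() + " | " + state);
            }
        }
        return bad;
    }

    // Explicit key and trust managers, so the JVM's default truststore is not consulted.
    static SSLContext build(KeyStore keys, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Assumed usage: java PortableSslContext <keystore> <store password> <key password>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        System.out.println(reportValidity(ks) + " certificate(s) outside their validity window");
        System.out.println("SSLContext ready: " + build(ks, args[2].toCharArray(), ks).getProtocol());
    }
}
```

Here the same store serves as keystore and truststore, as in the last post; passing a separate `KeyStore` as the third argument of `build` keeps private keys and trusted certificates apart.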
