I am using the weblogicserver and I have enabled HTTPS connector.
I have a standalone Java program which connects to a site say, "xyz.com" and fetches me json over HTTPS. But when I try to run the same program on the server, it throws SSLHandshakeException.
Post the stacktrace...Have you added the certificate into weblogic trust store "cacerts"?
What are your java_options settings?If not set then try something similar to below
JAVA_OPTIONS="-Dweblogic.security.SSL.trustedCAKeyStore=/weblogic92/server/lib/cacerts ${JAVA_OPTIONS}"
Related
Earlier when I kept both apps(app1 & app2) in the same (Jboss)server, I can call[communicate] the api's available in app1 from app2. [Jboss ssl configured with certificate]
Now My issue is, I moved only my app2 into tomcat server[app2],without changing any code and tried to connect api's of app1. It is throwing the clientProtocol Exception.
I came to know the issue with ssl certificate, because app1 is ssl configured.
Is there any place I have to configure my tomcat server to trust the app1 with the SSL jboss certifcate or in java program I have to add the trustmanager SSL socket code.
Please let me know the possible solution I have been stucked .
You need to configure the tomcat environment to know that exists a certificate to use.
This is done with -Djavax.net.ssl.trustStore=mykeystore or setting it in JAVA_OPTS.
For Linux this is done as follow:
export JAVA_OPTS=-Djavax.net.ssl.trustStore=mykeystore
before calling ./startup.sh
I got the following exception while connecting to Mail server from IBM WAS.
javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: java.net.SocketException: java.security.PrivilegedActionException: java.io.FileNotFoundException: D:\Program Files (x86)\IBM\WebSphere\AppServer\jre\lib\security\cacerts (The system cannot find the path specified.)
My question is:
What is the certificate that I should import? Is it the mail server's certificate which needs to be imported into WAS? Should I ask the mail server admin to share the certificate?
Once I figure out which certificate, I plan to follow these instructions to import it:
How to connect to a secure website using SSL in Java with a pkcs12 file?
That link is not the correct way to use mail sessions in WAS. Check this Websphere 7 javax.mail.MessagingException: SSLSocketFactory is null.
Try to use default SSL WebSphere configuration and Mail session resource. You will need to add your mail server certificate to the Trust store (NodeDeaultTrustStore or CellDefaultTrustStore depending whether you use standalone or network deployment version).
It should be possible to get mail server cert using a browser, when you connect using https://mailserver:port/ it should give you certificate which you could save locally and add to truststore. If you will have problems contact mail server admin.
PrivilegedActionException also suggest that you may have Java 2 security enabled. Check if it is enabled and if you really need it.
I installed LDAP server on my virtual machine(centOS) running on windows, now I want to access it from windows
So how do I enable remote access to LDAP server.
I tried installing 389 Directory Server (which is actually meant for fedora), on some forum I heard its a easy GUI to do the command line jobs easily, but I did not find the option to enable the remote login or any ip filters.
Note:
I am trying to use Java to login the LDAP server for authentication and authorization, for that I am using unboundid api
You can suggest which api should I use, I am just a beginner.
Update:
my java code
LDAPConnection ldap = new LDAPConnection("http://xxx.xx.xx.xxx", 9830);
error
an error occurred while attempting to connect to server http://xxx.xx.xx.xxx:9830: java.io.IOException: An error occurred while attempting to establish a connection to server http://xxx.xx.xx.xxx:9830: java.net.UnknownHostException: http://xxx.xx.xx.xxx')
I also tried ldap://xxx.xx.xx.xxx instead of http://xxx.xx.xx.xxx
Don't specify the server address as a URL. Just specify the address as either an IP address or resolvable name. So instead of "http://xxx.xx.xx.xxx" just use "xxx.xx.xx.xxx".
I try to connect to a wss (Secure Websocket) server with a java applet but the ssl handshake fails without any helpfull log entrys.
If I connect to wss://echo.websocket.org the handshake works fine, so I think it's not a general java code error.
If I try to connect to my own server, the HelloDone bit is sent (verified by wireshark) but the connections ends in a hang-up and it's not in the log. Normally there should be the following message in the log: "*** ServerHelloDone"
See my java console log of "javax.net.debug=sll"
http://pastebin.com/ZuvKww4J
It is not truncated, it simply ends there.
After a couple of seconds the tcp connection timeout message is added to the log.
I use the following example of java code:
https://github.com/TooTallNate/Java-WebSocket/blob/master/src/main/example/SSLClientExample.java
But instead of keystore I use:
sslContext.init( null, null, null );
For the server I have two different test systems:
At port 443 a ha-proxy
at port 8443 a stunnel.
I tried to isolate the error with different methods. First I forced with stunnel the same cipher as echo.websocket.org "SSL_RSA_WITH_RC4_128_SHA" but no success.
Second I checked if the ssl certificate itself is still valid. But as web browser and normal https connection by my java applet, are accepted from the server (Same server. ha-proxy orstunnel) everything is working at that point to.
Problem was solved by maintainer of Java-WebSocket.
Big thans
How to create Tomcat keystore file using JAVA
I am creating a http connection to SSL enabled tomcat server but it generates error SSL Handshake failed
So I want to create a keystore at runtime as i will be contacting multiple SSL enabled servers (Don't know this approach will be successfull or not)
Please suggest a way to how to create a tomcat keystore file using java program or any other way to bypass SSL handshake
Where are you getting sslhandshake error exactly? While client wants to connect to tomcat server or while tomcat server is trying to connect to other servers for some purpose? And can you paste the exception trace?
In either case, it does not make any sense to create keystore programatically in a server but one can inspect java's keytool source code to play on keystores.
http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/7-b147/sun/security/tools/KeyTool.java/
Look at the How-To guide SSL configuration on Tomcat's official site
http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.html