Setting up SSL certificate on Openfire server - java

I am trying to set up SSL certificates for Openfire XMPP server.
I deleted the keystore file from the /etc/openfire/security/ folder and have done all the SSL cert setup procedures using the web interface:
Generated a CSR file from the web interface
Placed this file's contents on Comodo's website
Got the CA keychain
Placed its contents on the web interface
This was all successful - the web interface shows a success message
SSL successfully installed on Openfire server.
However I can't see any keystore file. Will this cause me any problems?

Related

How to change default https certificate for web services in Dataminder?

When installing Dataminder, two web service ports are set up. One for http and the other for https.
A self-signed certificate is created during installation.
But we need to use a certificate from a certificate authority.
How do you change the certificate used on web service https port?
To replace the default self-signed certificate with certificates from a certificate authority, the simplest way is to replace the DMKeyStore file (which is just a standard Java Keystore file) with a new Java Keystore file containing the new certificates.
Note that the new Keystore file must be named and placed at the default destination:
DataMinder/Server/Config/Certificates/DMKeyStore
To start using the new certificates file, update the DataMinder properties file:
DataMinder/Server/Config/DataMinder.properties
The properties to update are:
dataminder.environment.web.https.keyStorePassword=...
dataminder.environment.web.https.keyAlias=...
dataminder.environment.web.https.keyPassword=....
Update the properties and restart DataMinder. Now DataMinder will use the new certificates.
Note: The certificates are used both for the admin HTTPS and Web Service HTTPS ports.
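
A check to run on the replacement keystore before restarting, as an added example that is not DataMinder's own code: it confirms that the file opens with the store password and that the alias holds a private key, unlockable with the key password, plus a certificate chain. The class name `KeystoreCheck` and its arguments are assumptions; enter the values you intend to put in the three properties.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example (hypothetical helper, not part of DataMinder).
// Usage: java KeystoreCheck DataMinder/Server/Config/Certificates/DMKeyStore <keyAlias>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): KeystoreCheck <keystore-file> <alias>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, which would show up in the process list.
        char[] storePass = console.readPassword("keyStorePassword: ");
        char[] keyPass = console.readPassword("keyPassword: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // IOException here means a wrong store password or a damaged file
        }
        if (!ks.isKeyEntry(args[1])) {
            // A trusted-certificate entry has no private key and cannot identify the HTTPS server.
            System.err.println("FAIL: alias '" + args[1] + "' is absent or has no private key");
            System.exit(1);
        }
        Key key = ks.getKey(args[1], keyPass); // UnrecoverableKeyException means a wrong key password
        Certificate[] chain = ks.getCertificateChain(args[1]);
        System.out.println("OK: " + key.getAlgorithm() + " private key, chain of " + chain.length);
        for (Certificate c : chain) {
            X509Certificate x = (X509Certificate) c;
            x.checkValidity(); // throws if the certificate is expired or not yet valid
            System.out.println("  " + x.getSubjectX500Principal() + " (until " + x.getNotAfter() + ")");
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        if (leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) {
            System.err.println("WARN: leaf is self-issued; this is not a CA-issued certificate");
        } else if (chain.length == 1) {
            System.err.println("WARN: no intermediates stored; clients may fail to build the path");
        }
    }
}
```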

Why the SOAP request has been accepted from SoapUI without configuring trust-store location?

I built a Web-Service application in JDeveloper 11.1.1.7 and deployed it on WebLogic 10.3.6 with all Key-store and SSL configuration.
SSL Configuration:
Use Server Certs : Checked
Two Way Client Cert Behavior: Client Certs Not Requested. [That means it is one-way SSL. Correct me if that is wrong.]
SSL Listen Port Enabled: Checked
Key-store Configuration:
Custom Identity and Custom Trust. The file path has been specified for those custom key stores.
A sample client application has been created and everything seems to be fine; I mean the client cannot access the server application without specifying the trust store file location where the server certificate is stored and it is trusted at the client end.
By the server certificate I mean the same certificate that has been configured in the server Key-store Configuration.
For your information, the client application refers to the trust store as follows:
System.setProperty("javax.net.ssl.trustStore",[Trust-store location goes here]);
System.setProperty("javax.net.ssl.trustStorePassword", [password goes here]);
Till now nothing wrong. Next is the problem details:
For the purpose of testing I tried to access the deployed web-service application using SoapUI (open source software). What is confusing is that the request has been sent, accepted at the server and proceeded without specifying anything for the server certificate or trust store location in the SoapUI project configuration!
Why the SOAP request has been accepted from SoapUI without referring to server certificate? The request should be rejected in this case.
My experience with SoapUI is that it is quite lenient. For example, it doesn't check if the CN of the server certificate matches the fully qualified domain name in the URL. In your case, your server most likely uses a CA signed certificate. Most of the root and intermediate certificates of well-known CAs (e.g. VeriSign/Symantec) are already included in the default truststores for most systems. If your server had used a self-signed certificate, then SoapUI would have incurred an SSL error unless you import the self-signed certificates into the truststore of the host where SoapUI is running.
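
One way to test which case applies to a given server certificate, as an added example that is not from the original answer: validate the server's chain against the trust anchors a Java client gets when no trust store is configured. The class name `DefaultTrustCheck` and the input file name are assumptions; run it with the JVM whose default trust store you want to test.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical helper). Usage: java DefaultTrustCheck server-chain.pem
// The file holds the server's certificates in PEM or DER form, leaf first.
public class DefaultTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: DefaultTrustCheck <certificate-chain-file>");
            System.exit(2);
        }
        // init(null) selects the JVM default trust store: javax.net.ssl.trustStore if set,
        // otherwise jssecacerts or cacerts under the JRE's lib/security directory.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Certificate> chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = new ArrayList<>(cf.generateCertificates(in));
        }
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline check: path validation only, no CRL/OCSP
        // Hostname matching is a separate check and is not performed here.
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("TRUSTED by default store (" + anchors.size() + " anchors)");
        } catch (CertPathValidatorException e) {
            System.out.println("NOT TRUSTED by default store: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Running it once plainly and once with `-Djavax.net.ssl.trustStore=...` set to the custom trust store shows whether the custom store is what makes the difference.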

Issues with Impersonating a WCF Secure Web Server using Glassfish / Metro

I am attempting to construct a Glassfish hosted web service that impersonates (for development testing) a WCF hosted web service. I have the WSDL from the WCF hosted service, and I can construct the Java service and Java client from the WCF-hosted WSDL with no issues. The WSDL uses Mutual Certificate Security for data exchange.
The WSDL has an embedded X509 certificate that matches the WCF server's host certificate.
When I try to connect my Java client to the Glassfish-hosted Java service I get - of course - certificate errors.
So what steps do I take to get this to work? I am assuming that:
A) I need to replace the X509 certificate string in the WSDL with the contents of the self-signed Glassfish certificate 's1as' created when I installed Glassfish.
B) Set the Glassfish server SSL parameters for the server Network config to use the default cacerts.jks and keystore.jks certificate stores supplied with the Glassfish installation. Even though I am not using SSL here, I am assuming the server needs to know where its truststore and keystore are to perform mutual certificate security across HTTP.
C) Add the 's1as' server certificate to the truststore for the Java client.
D) Add whatever certificate I was previously using for the original WCF connecting client to the keystore for the Glassfish server. (I am not sure on this one?)
Is there something I am missing here? Any assistance would be much appreciated.
Apparently, you're using message layer security, not SSL. So the communication layer is not encrypted, just the messages themselves.
This is done in Glassfish using the WSIT features. I suggest looking at the Mutual Certificate Security example in the WSIT Tutorial: http://docs.oracle.com/cd/E19316-01/820-1072/ahiem/index.html.
Basically, WSIT uses the keystores in as-install/domains/domain1/config, and you need to specify them by alias name in your WSIT descriptor.
Greets, Geert.

Configuring Keystore/Truststore for 2-way SSL Java RMI in sandbox started from javaws

I'm trying to configure a Client/Server app after setting up 2-way SSL using the Java SslRMIClientSocketFactory and SslRMIServerSocketFactory. I know that to set the keystore and truststore on the client I need to set -Djavax.net.ssl.trustStore and -Djavax.net.ssl.keyStore.
The way I understand it, Java Web Start downloads the jnlp, verifies the jar and launches the Client Java application in a sandbox that then connects to the server application over RMI. The problem is that when the application is run in this sandbox, the default truststore and keystore are not the same as what Java Web Start uses. Instead there is no default keystore and the default truststore is $JAVA_HOME/jre/lib/security/cacerts.
Is there a way to use the same truststore and keystore that javaws uses? Ideally I would like to use the same trusted certs and client certs that the browser uses (and by extension javaws). This way, if the users configure their certificate through the Java Control Panel, then the application will use the same certificates.

SSL setup on WebSphere 6.1 for Windows

I'm a bit of a newbie when it comes to SSL security on WebSphere.
But basically I am calling a URL from my Java application hosted on WebSphere 6.1. The URL is a web service which is secured via SSL. As an example my URL is:
https://servername:portname/service
I call the web service using cURL using:
--cert test.cer --key test-privkey.pem --pass "Password"
i.e. I have a .CER file and a .PEM file.
Please could someone advise how I configure WebSphere (through the Admin console) to secure "https://servername:portname/service" using the CER file and PEM file I have.
Thank you.
Whenever using an SSL URL, the JVM tries to recognize the certificate based on its trust store. The truststore file is named 'cacerts' and is present in the java/jre/lib/security folder. For the Webapp to recognize the SSL certificate, the root certificates* of the service must be imported into the cacerts store. This can be done with the help of 'keytool -import' in the java/jre/bin folder.
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_sslexchangesigncerts.html
*Root certificate is the Certifying Authority [CA] of a service, i.e. the Organization that provides the SSL certificate will have a CA cert to identify itself.
Let me know if you need more details.
