WE are having a webstart application.
Currently it is running fine.
Our jnlp file has unsecure links ie) http://********
When i change this from http to https://********* we are getting ssl handshake error.
How to make this working.
I hope we should install the security certificate in the client machine but our system is vast sowe need to either download the certificate or skip the certifiate checking part while using https.
Currently we are in Java 6. We are going to Migrate our application to Java8
Can someone please suggest some solution.?
Thanks in advance.
Related
Earlier when I kept both apps(app1 & app2) in the same (Jboss)server, I can call[communicate] the api's available in app1 from app2. [Jboss ssl configured with certificate]
Now My issue is, I moved only my app2 into tomcat server[app2],without changing any code and tried to connect api's of app1. It is throwing the clientProtocol Exception.
I came to know the issue with ssl certificate, because app1 is ssl configured.
Is there any place I have to configure my tomcat server to trust the app1 with the SSL jboss certifcate or in java program I have to add the trustmanager SSL socket code.
Please let me know the possible solution I have been stucked .
You need to configure the tomcat environment to know that exists a certificate to use.
This is done with -Djavax.net.ssl.trustStore=mykeystore or setting it in JAVA_OPTS.
For Linux this is done as follow:
export JAVA_OPTS=-Djavax.net.ssl.trustStore=mykeystore
before calling ./startup.sh
I am using java 1.6 in my machine and currently I am facing the below exception.
JSSESocketFactory.makeSocket ldap. ... :636, server certificate change is restricted during renegotiation
for an work around I have updated below properties into my weblogic configuration setup
-Dsun.security.ssl.allowUnsafeRenegotiation=true
-Djdk.tls.allowUnsafeServerCertChange=true
But Still I am getting server certificate change is restricted during negotiation.
Please let me know if there is anything else I can update in the configuration.
Thanks for your help guys.
I have an SSL client certificate. It was working with my app up until one of the Java updates happened at some point in the recent past (maybe as far back as a year). It works with web browsers. It works with curl.
For example, I can do this and it is fine:
curl --cert example.pem https://example.net
Now I cannot get this cert to work with Java. I've gone as far as trying a very minimal app, like SSLPoke from https://gist.github.com/4ndrej/4547029
Putting the cert into the client certs from ControlPanel doesn't do it.
Importing the .pem into a keystore and then pointing at that keystore with -Djavax.net.ssl.trustStore or .keystore doesn't do it.
All I get out of Java is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
So I can't figure out what is wrong - the way I'm invoking Java? The place I'm putting the certificate? The way I've imported the certificate?
The debug output using -Djava.security.debug=all does not show it using the trustStore/keyStore I specify. It doesn't even show anything about the URL I'm trying to reach.
I'm out of ideas.
Your server is likely using an outdated SSL protocol, that Java is no longer allowing, by default, for security reasons.
Try running Java with this option (e.g. needed for older SQL Server instances):
-Djsse.enableCBCProtection=false
If that doesn't work, maybe the server is using SSLv3, so see this SO question for How to enable SSL 3 in Java.
If any of those work, they are workarounds need to downgrade the SSL security, so you are strongly encouraged to upgrade the server instead, and remove these workarounds again.
I created a java agent that needs to connect to an API internaly. The protocol used is HTTPS. When the agent tries to connect to the API it throws the following error:
com.ibm.jsse2.util: no trusted certificate found. This all is running on a Domino 9.0.1fp3 server. The SSL certificate is a self signed certificate with a custom certificate authority.
I tried the following solution http://www-01.ibm.com/support/docview.wss?uid=swg21588966 but to no success. Even when we restarted the server it does not correctly pick up the certificate chain. As a last resort we created a little java class that ignores SSL certificates that are self signed. But ofcourse this is not a great solution.
I was wondering if someone also encountered this issue and knows how to solve it.
Apparently IBM forgot to mention that you actually need to restart the whole server for this to work....
How to create Tomcat keystore file using JAVA
I am creating a http connection to SSL enabled tomcat server but it generates error SSL Handshake failed
So I want to create a keystore at runtime as i will be contacting multiple SSL enabled servers (Don't know this approach will be successfull or not)
Please suggest a way to how to create a tomcat keystore file using java program or any other way to bypass SSL handshake
Where are you getting sslhandshake error exactly? While client wants to connect to tomcat server or while tomcat server is trying to connect to other servers for some purpose? And can you paste the exception trace?
In either case, it does not make any sense to create keystore programatically in a server but one can inspect java's keytool source code to play on keystores.
http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/7-b147/sun/security/tools/KeyTool.java/
Look at the How-To guide SSL configuration on Tomcat's official site
http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.html