I am porting an SSL-related project from C with OpenSSL to Java. In the C part, we use OpenSSL and set the engine as we designed ourselves. We use ENGINE_set_RSA() to set the rsa_priv_enc method, which will be used in the SSL handshake. Here is the problem: I want to find a class or method that can do the same thing in Java, but nothing related was found. Maybe it is because English is not my local language and I cannot use the exact keyword.
I had a similar problem some time ago. Take a look at:
Client connecting to an SSL server with Self-Signed Certificates
I think it will help you.
Related
So, I have been using the Java Websockets API to create a WebSocket server in Java, which worked just fine, until I realized I should be using an SSL encrypted connection using "wss:myurl.tld". Basically, the API wants an SSLContext object to work with SSL, but I can't for the life of me figure out how to make one of those.
I looked at some examples and found out that if I could make a Java KeyStore file with a certificate I could make it work, so I tried to do that.
I started fiddling around with trying to get a "Let's Encrypt" certificate following these instructions, but I ran into some problems.
I run Windows and I could find no software using the Let's Encrypt system that worked the same as in the instructions, and Homebrew on my Mac machine is broken, and it's running too old an OS to update.
Being rather inexperienced with SSL I had no real idea what to put in as parameters.
So, in short, how do I make my Java Websocket server use a secure SSL connection?
Oh, and pardon my messy English and lack of question-writing skills, I'm a bit new to these sorts of things.
I am writing a Java proxy which communicates to other servers using SSL.
It all works well using ServerSocketFactory along with a keystore and truststore which is populated with the server cert.
I wonder, is there a way in Java 7 to disable the certification and trust all servers? (and yes I know this is risky - but the proxy is for internal use only)
I have seen some examples of implementing TrustManager using X509TrustManager implementation, although apparently Java 7 does not support these contracts and X509TrustManager itself has been deprecated.
Appreciate your advice and any code sample on Java 7 that works.
MITM proxy servers (i.e. servers capable of looking into SSL/TLS traffic) normally use their own CA to generate fake certificates for the requested site.
Install this CA certificate in your client's trust store instead of tweaking the code. This is a much cleaner solution, and in the long run, it's easier to deploy.
(For a more direct answer to your question, the countless examples of trust managers that do nothing still work fine in Java 7.)
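Trusting one private CA in code, for cases where the JVM-wide trust store cannot be changed (an added example, not part of the original answer; the file name proxy-ca.pem, the alias and the class name are assumptions). Chain and expiry checks stay enabled, unlike with a trust-all manager:

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example: trust exactly one private CA and keep normal certificate validation.
public class PrivateCaTrust {

    // caPath is a hypothetical path to the internal CA certificate (PEM or DER encoded).
    static SSLContext contextTrusting(String caPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try (InputStream in = new FileInputStream(caPath)) {
            ca = cf.generateCertificate(in);
        }

        // In-memory trust store that holds only this CA; nothing is written to disk.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("internal-ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No key managers (no client certificate), default SecureRandom.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(args.length > 0 ? args[0] : "proxy-ca.pem");
        SSLSocketFactory factory = ctx.getSocketFactory();
        // Sockets from this factory reject any server whose chain does not lead
        // to the CA loaded above (SSLHandshakeException during the handshake).
        System.out.println("Socket factory ready, "
                + factory.getSupportedCipherSuites().length + " cipher suites supported");
    }
}
```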
What I did was implement a java.security.Provider using the code mentioned in this post
https://code.google.com/p/misc-utils/wiki/JavaHttpsUrl
Note: it is the second solution offered.
This post does not mention that you should also add a keystore in order to make things work.
So, these VM arguments should be set as well (otherwise you will get an error message of "no cipher suites in common"):
-Djavax.net.ssl.keyStore=KEYSTORE LOCATION
-Djavax.net.ssl.keyStorePassword=YOUR PASS
I hope this will help you, since in all the places I looked at this part was not mentioned.
I have a GUI which is designed in Java and acts as a client, and can communicate remotely with a server which is written in C/C++. Communication between them is made through sockets. However, the messages sent are not encrypted and are vulnerable to man-in-the-middle attacks. I was wondering what the best solution would be to protect the communication and wanted to implement SSL. Is it possible to do so, and if yes, what toolkit should I look into?
Java contains an SSL implementation called JSSE. See the Javadoc for the javax.net.ssl package. There is also a tutorial, and several examples are provided with the JDK.
You might not even need to modify the server at all. You could just stick stunnel in front of it.
A warning: With TLS/SSL you face a whole bunch of additional error conditions that you might need to report or log, especially concerning certificates (wrong, expired, unable to verify due to networking / DNS issues).
I know this has been asked before but I haven't managed to find a really clear answer yet -
I'm trying to implement an API within an Android app. In order to make the initial connection, I need to talk to an HTTPS URL, identifying myself with a personal X509 certificate and key.
Doing this in "desktop" Java is easy as I just reference the files.
Has anyone tried this on Android? How do you get the certificate onto the device? How did you get the code to read that and make the connection.
I have looked at the X509 certificate classes, and the SSLSocketFactory, but I am very very new to even Java and do not fully understand it - can someone help me please - a pointer or a code snippet would be very welcome.
Many thanks
Don
Take a look here: Trusting all certificates using HttpClient over HTTPS; there is also source code. But be aware that there is a bug in HttpsURLConnection in Android's SDK - http://code.google.com/p/android/issues/detail?id=8625.
See related question.
I have a PEM file provided to me and was told that it will be needed in establishing an SSL socket that connects to a C++ server for some API calls. Does anyone know how I can read in the PEM file and connect? I was also given the passphrase password.
It sounds like the PEM file is a client cert for you to use to log in to the server. If it is the client cert, and it sounds like it is, you will likely need a CA cert file also to use in validating the server's certificate in order to establish a connection.
The CA certs need to go into a truststore and your client certs need to go into a keystore. In Java, both of these will be JKS (although it has limited support for PKCS12.) There are default keystore/truststore locations for the JRE as well as for each user. You can also specify external locations for these files in your code, as in the examples below. The commons-ssl library seems to be able to support PEM directly, without the need for JKS, but I haven't used it.
The default passphrase for these keystores in Java is "changeit" without the quotes.
This page shows you how to read the PEM into your keystore/truststore. Here is another example.
Once you have your truststore and keystore set up properly, you need to pass the following JSSE system properties to your JVM:
javax.net.ssl.keyStore
javax.net.ssl.keyStoreType
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
javax.net.ssl.trustStoreType
javax.net.ssl.trustStorePassword
You may specify them as -D parameters to the JRE or, as in the examples below, programmatically.
Once you finish that, here's a commons-ssl example of creating a socket. Also, here's the Java API for SSLSocket. Here's also an example that doesn't use any Apache Commons.
You need a library that handles SSL. As John Ellinwood noted, some frameworks (such as Java 2 SE) offer these built-in; for others you'd need to use 3rd party libraries.
C developers often use openssl directly, but it can't be said to be easy and when using C++ there are several "gotchas" that are easy to fall into.
I suggest you use a C++ network library with support for SSL, such as QT's network library, or Poco NetSSL. See here for some tutorial documentation and here for the API documentation - you probably want to take a look at initializeClient which takes a PEM file directly.