• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

regarding cacerts from JAVA_HOME\jre\lib\security

 
Ranch Hand
Posts: 98
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I have some problems with secure connections. My jargon might not be at its best in this case coz I am relatively new to SSL and secure java programming. Here's the situation:

I have a client certificate which I have to include in my code to get access to a secure site. They asked me to create a keystore and a truststore. I created them and stored them in my c: directory for testing purposes and easy access. I didnt place anything in jre1.5.0_02\lib\security. My piece of code looks like this -

*************************************************************

char[] cert_passphrase = "YOUR_CERT_PASSWORD".toCharArray();
char[] store_passphrase = "YOUR_STORE_PASSWORD_or_changeit".toCharArray();

// SSLContext object, a protocol implementation that behaves as a
// factory for secure socket factories.
SSLContext ctx = SSLContext.getInstance("TLS","SunJSSE");

// Keystore object for the client certificate. Essentially an in-memory
// collection of private keys and any associated certificate chains.
// Use the path to the client (private) .pfx/.p12 certificate file and
// the certificate passphrase.
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("C:\\certfile.pfx"), cert_passphrase);

// KeyManagerFactory object needed to associate the client certificate with
// the SSLContext object.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
keyManagerFactory.init(keyStore, cert_passphrase);

// Keystore object for the store (to access trusted server certs or CAs).
// Use the path to the global JRE "cacerts" file or a local ".keystore" file
// and the store passphrase.
KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
trustedKeyStore.load( new FileInputStream("C:\\castore.jks"), store_passphrase);

// TrustManagerFactory object needed to associate the root store with the
// SSLContext object
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
trustManagerFactory.init(trustedKeyStore);

// Associate both the client certificate and the root store with the
// SSLContext object
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

// Create an SSLSocketFactory using the SSLContext object and use that
// factory as the default factory for HTTPS connections.
SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);

// Choose either the beta or production target POST URL
URL url = new URL("https://www.credcoconnect.com/CGI-BIN/CCListener.exe");
// URL url = new URL("https://beta.credcoconnect.com/CGI-BIN/CCListener.exe");

// Create a URLConnection object, enable I/O, disable caching, set the Content-Type
URLConnection c = url.openConnection();
c.setDoInput(true);
c.setDoOutput(true);
c.setUseCaches(false);

********************************************************************

now...all of the above validates fine....doesn't throw exceptions anywhere but after - when I try to get an outputStream as in

************************************************************

OutputStream out = c.getOutputStream();

************************************************************

I get the following error:

sun.security.validator.ValidatorException: No trusted certificate found

and yes I do have the certificate in my IE - internet options - content - certificates and it is valid till 2007.

Should I place the certificate in the jre? is that a must? I might be doing something really stupid here...hehee...but any help would be really appreciated.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic