Where to put the remote server certificate

 
Rajeev Muralidharan
Greenhorn
Posts: 9
All,
My program to connect to a remote server fails when it's trying to do this:
--------------------------------------------------------------------
private void setupServerKeystore() throws GeneralSecurityException, IOException {
    serverKeyStore = KeyStore.getInstance( "c:/TEMP/ca-crt.pem" );
    serverKeyStore.load( new FileInputStream( "server.public" ),
                         "public".toCharArray() );
-----------------------------------------------------------------------
The exception that is thrown is
----------------------------------------------------------------------
java.security.KeyStoreException: c:/TEMP/ca-crt.pem not found
----------------------------------------------------------------------
Please help. I am new to SSL and stuff.
Thanks for your time.
Rajeev
 
Rajeev Muralidharan
Greenhorn
Posts: 9
Thanks to the web, I found out that I need to use the keytool utility to generate the client and server key pairs, with sample code like that shown below. But where in here do I specify the public key file for the remote server I am trying to connect to?
Thanks for your time.
Rajeev.
C:\Program Files\j2sdk_nb\j2sdk1.4.2\bin>keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State, C=Your Country" -storepass serverpw -keypass serverpw
 
Rajeev Muralidharan
Greenhorn
Posts: 9
C'mon people give me a few pointers
I assume most of you have done this basic stuff with sockets.
 
Rajeev Muralidharan
Greenhorn
Posts: 9
Here's a question I can ask that I am sure will get some response.
Do you guys and gals think Ben and JLo should marry? Let me know ASAP.
If I've got your attention then please do look at my original post.
Cheers,
Rajeev
 
Rajeev Muralidharan
Greenhorn
Posts: 9


HAPPY HALLOWEEN AND PLEASE CLOSE THIS THREAD 'COZ NO ONE'S OF ANY HELP ON THIS!!!
 
Jeremy Thornton
Ranch Hand
Posts: 91
I've always found SSL stuff quite fiddly.
To save yourself grief I would:
1) make sure that you're familiar with the basic concepts (I'm not suggesting that you're not, just that I tried to shortcut a bit of reading when I first used SSL and it cost me in terms of sanity).
2) use the debug option to help debug (-Djavax.net.debug=all)
I usually put trusted certificates in the cacerts file in JAVA_HOME/jre/lib/security.
If you can give a rough outline of where you're looking, debug output etc. you'll probably get lots of help with this.
Cheers,
Jeremy.
 
Rajeev Muralidharan
Greenhorn
Posts: 9
Jeremy,
Thanks for the reply. Here's what I've done so far.
I've created a keystore from the certificate that the remote server's admin gave and my program can access it when I say: serverKeyStore.load( new FileInputStream( "c:/temp/newcerts" ), passphrase );
passphrase being the password to the keystore.
Is there anything else I need to do because my program fails during the handshake? The server admin for the remote server I am trying to connect to does not require a certificate from us. What am I missing? Any help will be greatly appreciated.
Thanks for your time.
Rajeev.
 
Jeremy Thornton
Ranch Hand
Posts: 91
You need to make sure that the key is marked as "trusted" in the keystore (if you use keytool, you can get a summary of the entry).
Next what I would do is run up your application with the debug command line option and make sure that the correct keystore is being used etc.
You'll probably find an untrusted certificate type of exception if the wrong keystore is being used or the key can't be read.
It is fiddly but perseverance pays off :-)
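
An added example, not code from any poster in this thread: `KeyStore.getInstance()` expects a keystore type rather than a file path, so the CA certificate file from the first post is parsed with `CertificateFactory` and held in an in-memory truststore as a trusted certificate entry, which then backs the `SSLContext`. The class name, the `remote-ca` alias and the command-line arguments are assumptions, and the code targets a current JDK rather than the 1.4.2 release used in the thread.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PemTrustExample {
    // Build an in-memory truststore from the CA certificate file (PEM or DER).
    static KeyStore trustStoreFromPem(String pemPath) throws Exception {
        // getInstance() takes a keystore type such as "JKS", never a file path.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // initialise an empty store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (FileInputStream in = new FileInputStream(pemPath)) {
            X509Certificate ca = (X509Certificate) cf.generateCertificate(in);
            ca.checkValidity(); // fail early on an expired or not-yet-valid certificate
            ks.setCertificateEntry("remote-ca", ca); // stored as a trusted certificate entry
        }
        return ks;
    }

    // TLS context that trusts only what is in the given store (not the JRE cacerts).
    static SSLContext contextTrusting(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // null key managers: no client certificate
        return ctx;
    }

    // Usage (arguments are placeholders): java PemTrustExample <ca.pem> [host port]
    public static void main(String[] args) throws Exception {
        KeyStore ts = trustStoreFromPem(args[0]);
        System.out.println("trusted entry: " + ts.isCertificateEntry("remote-ca"));
        if (args.length < 3) return; // no host given: stop after the offline check
        try (SSLSocket s = (SSLSocket) contextTrusting(ts).getSocketFactory()
                .createSocket(args[1], Integer.parseInt(args[2]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the hostname
            s.setSSLParameters(p);
            s.startHandshake(); // SSLHandshakeException if the chain is not trusted
            System.out.println("handshake ok: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

Running it with `-Djavax.net.debug=all`, the option mentioned earlier in the thread, prints the trust anchors in use and the certificate chain the server presents during the handshake.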
 