Where to put the remote server certificate

Rajeev Muralidharan
Greenhorn

Joined: Oct 28, 2003
Posts: 9
All,
My program to connect to a remote server fails when it's trying to do this:
--------------------------------------------------------------------
private void setupServerKeystore() throws GeneralSecurityException, IOException {
serverKeyStore = KeyStore.getInstance( "c:/TEMP/ca-crt.pem" );
serverKeyStore.load( new FileInputStream( "server.public" ),
"public".toCharArray() );
-----------------------------------------------------------------------
The exception that is thrown is
----------------------------------------------------------------------
java.security.KeyStoreException: c:/TEMP/ca-crt.pem not found
----------------------------------------------------------------------
Please help. I am new to SSL's and stuff.
Thanks for your time.
Rajeev
Rajeev Muralidharan
Greenhorn

Joined: Oct 28, 2003
Posts: 9
Thanks to the web, I found out that I need to use the keytool utility to generate the client and server key pairs, with sample code like that shown below. But where do I specify in here the public key file for the remote server I am trying to connect to?
Thanks for your time.
Rajeev.
C:\Program Files\j2sdk_nb\j2sdk1.4.2\bin>keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State, C=Your Country" -storepass serverpw -keypass serverpw
Rajeev Muralidharan
Greenhorn

Joined: Oct 28, 2003
Posts: 9
C'mon people give me a few pointers
I assume most of you have done this basic stuff with sockets.
Rajeev Muralidharan
Greenhorn

Joined: Oct 28, 2003
Posts: 9
Here's a question I can ask that I am sure will get some response.
Do you guys and gals think Ben and JLo should marry? Let me know ASAP.
If I've got your attention then please do look at my original post.
Cheers,
Rajeev
Rajeev Muralidharan
Greenhorn

Joined: Oct 28, 2003
Posts: 9


HAPPY HALLOWEEN AND PLEASE CLOSE THIS THREAD 'COZ NO ONE'S OF ANY HELP ON THIS!!!
Jeremy Thornton
Ranch Hand

Joined: Feb 21, 2002
Posts: 91
I've always found SSL stuff quite fiddly.
To save yourself grief I would:
1) make sure that you're familiar with the basic concepts (I'm not suggesting that you're not, just that I tried to shortcut a bit of reading when I first used SSL and it cost me in terms of sanity).
2) use debug option to help debug (-Djavax.net.debug=all)
I usually put trusted certificates in the cacerts file in JAVA_HOME/jre/lib/security.
If you can give a rough outline of where you're looking, debug output etc. you'll probably get lots of help with this.
Cheers,
Jeremy.
Rajeev Muralidharan
Greenhorn

Joined: Oct 28, 2003
Posts: 9
Jeremy,
Thanks for the reply. Here's what I've done so far.
I've created a keystore from the certificate that the remote server's admin gave and my program can access it when I say: serverKeyStore.load( new FileInputStream( "c:/temp/newcerts" ),
passphrase );
passphrase being the password to the keystore.
Is there anything else I need to do because my program fails during the handshake? The server admin for the remote server I am trying to connect to does not require a certificate from us. What am I missing? Any help will be greatly appreciated.
Thanks for your time.
Rajeev.
Jeremy Thornton
Ranch Hand

Joined: Feb 21, 2002
Posts: 91
You need to make sure that the key is marked as "trusted" in the keystore (if you use keytool, you can get a summary of the entry).
Next what I would do is run up your application with the debug command line option and make sure that the correct keystore is being used etc.
You'll probably find an untrusted certificate type of exception if the wrong keystore is being used or the key can't be read.
It is fiddly but perseverance pays off :-)
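
What the replies above describe (the remote server's certificate held as a trusted entry, and the program using that keystore for the handshake), as an added example in current Java that is not code from the thread. The class name, alias prefix and command-line arguments are made up for illustration, and the PEM file is assumed to hold the certificate the server's admin supplied.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import javax.net.ssl.*;

public class TrustRemoteServer {
    /** Builds an SSLContext that trusts only the certificates found in a PEM file. */
    static SSLContext contextTrusting(String pemPath) throws Exception {
        // getInstance() takes a keystore TYPE (e.g. "JKS"), never a file path.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start with an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(pemPath)) {
            int n = 0;
            for (Certificate cert : cf.generateCertificates(in)) {
                // setCertificateEntry() stores a trusted-certificate entry.
                trustStore.setCertificateEntry("remote-" + n++, cert);
            }
        }
        if (trustStore.size() == 0) throw new IllegalStateException("no certificates in " + pemPath);
        for (String alias : Collections.list(trustStore.aliases())) {
            System.out.println(alias + " trusted=" + trustStore.isCertificateEntry(alias));
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // First argument null: no client key material, the server asks for no client cert.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage (arguments are placeholders): java TrustRemoteServer <ca.pem> [<host> <port>]
    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(args[0]);
        if (args.length < 3) return; // trust store built and listed; no connection requested
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[1], Integer.parseInt(args[2]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException if the chain is not trusted
            System.out.println("handshake OK with " + s.getSession().getPeerPrincipal());
        }
    }
}
```

Running it with -Djavax.net.debug=all, as suggested earlier in the thread, shows which trusted certificates were loaded and where the handshake stops.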
 