I am trying to create a HttpsServer/Client so that I can create a proxy to examine traffic coming from the browser to the server. These types of tool are invaluable to people who test web application security. I have decided to use httpclient to send the requests and httpcore components for my server. At the moment I'm simply trying to establish the ssl socket connection between the browser and the server on port 8080. I have read all over and still cannot seem to get this to work. Here are the steps I did up to this point:
1. Created a CA cert with keytool and added it to a file called cacerts
2. I added this cert to the firefox browser instance listening on port 8080
3. In my code I do the following to call that cert in the server code
Then when I call the accept on the socket as seen below I get the following exception:
I/O error initialising connection thread: No available certificate or key corresponds to the SSL cipher suites which are enabled.
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
I think it is saying that the browser (client) does not have the same ciphers? I have that cert in its configuration settings though. I honestly don't understand what I should be doing. Why the heck does Java make SSL such a pain in the ass!
I read on a site the following explanation on how the proxy should handle certs
What I did for the proxy was get the client to trust a CA cert of my own. The mitm-proxy would then use that cert to generate whatever server certs are needed (on demand). The advantage of using a CA cert is that you will be able to mitm connections to new servers without having to get it to trust new certs you made up just now.
My questions are:
1) Any idea where I'm going wrong on trying to establish the SSL socket?
2) That explanation of how the proxy "server" should handle certs: is this how I'm approaching it? I have a self-signed cert in my truststore and in the browser.
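Added example, not part of the original thread or the poster's code: a common cause of this exception is a server-side keystore that holds only trusted-certificate entries and no private key entry, so this sketch checks for a key entry before opening the listener. The class name, the file name `proxy-keystore.jks` and the password are hypothetical, and it assumes the key password equals the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class ProxyTlsListener {

    // True if the store holds at least one private-key entry. A store filled
    // only with imported certificates has trusted-cert entries and nothing
    // the server can present during the handshake.
    static boolean hasPrivateKey(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return true;
            }
        }
        return false;
    }

    // Loads the keystore, refuses to continue without key material, and
    // builds the server socket from a context that carries the KeyManagers.
    static SSLServerSocket open(String path, char[] password, int port) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        if (!hasPrivateKey(ks)) {
            throw new IllegalStateException("No private key entry in " + path);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // assumption: key password == store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG
        return (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical keystore file and password, for illustration only.
        try (SSLServerSocket server =
                     open("proxy-keystore.jks", "changeit".toCharArray(), 8080)) {
            System.out.println("TLS listener ready on port " + server.getLocalPort());
        }
    }
}
```

Running `keytool -list -keystore <file>` shows the same distinction: a usable server entry is listed as `PrivateKeyEntry`, an imported certificate as `trustedCertEntry`.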
I tried a few things and still no luck! This is what I did