azizkhani.net

I know that I know nothing

https test using certificate & keystore

June 13, 2014 20:58 by author Administrator

 

package org.springframework.integration.samples.rest;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public class HttpsTest {
    public static void main(String[] args) {
        // Keystore holding the client certificate and private key
        System.setProperty("javax.net.ssl.keyStore", "/azizkhani/keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "pass");

        // full log for debugging
        System.setProperty("javax.net.debug", "all");

        // Consulted only when the default hostname check fails;
        // accepts the single host name "ansarrootca" and rejects all others.
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession sslSession) {
                return hostname.equals("ansarrootca");
            }
        });

        try {
            URL url = new URL("https://site:3443");
            // try-with-resources closes the streams even if reading fails
            try (InputStream is = url.openStream();
                 BufferedReader in = new BufferedReader(new InputStreamReader(is))) {
                String inputLine;
                while ((inputLine = in.readLine()) != null) {
                    System.out.println(inputLine);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

 



using keystore & trust store in java

June 13, 2014 20:51 by author Administrator

 

Add this code to run an application that uses a keystore.

Option 1: set the properties in code

System.setProperty("javax.net.ssl.keyStore","/azizkhani/Java/pdf/EIA/keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "pass");
System.setProperty("javax.net.debug", "all");

Option 2: pass the properties as JVM arguments

-Djavax.net.ssl.keyStore=/azizkhani/Java/pdf/EIA/keystore.jks
-Djavax.net.ssl.keyStorePassword=pass

 



disable java check for subject alternative names in certificate

June 13, 2014 20:41 by author Administrator

When I want to invoke an HTTPS web service using a certificate (keystore.jks), I get this exception:

 java.security.cert.CertificateException: No subject alternative names present

The IP of the web service is 192.168.1.10, but the certificate was created for 192.168.1.20.

Java checks this on the client and throws this exception.

I add a host entry for 192.168.1.20 in my OS and add this line to the application.

This code disables the check for the host name azizkhanihost only; the verifier still rejects every other host name:


javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
        new javax.net.ssl.HostnameVerifier() {

            public boolean verify(String hostname,
                    javax.net.ssl.SSLSession sslSession) {
                if (hostname.equals("azizkhanihost")) {
                    return true;
                }
                return false;
            }
        });
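The verifier above accepts any certificate that passes chain validation once the host name matches. As an added example (not code from the original post), a narrower variant is set on one connection instead of as the JVM default and also requires the server's leaf certificate to match a pinned SHA-256 fingerprint. The class name PinnedHostVerifier and both command-line arguments are assumptions.

```java
import java.net.URL;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// Added example: class name and arguments are assumptions.
public class PinnedHostVerifier implements HostnameVerifier {
    private final String expectedHost;
    private final byte[] pinnedSha256;

    // pinnedSha256Hex: fingerprint of the expected server certificate,
    // e.g. the SHA256 value printed by "keytool -list -v" (colons allowed).
    public PinnedHostVerifier(String expectedHost, String pinnedSha256Hex) {
        this.expectedHost = expectedHost;
        this.pinnedSha256 = fromHex(pinnedSha256Hex.replace(":", ""));
    }

    // Called only when the default host name check has already failed.
    @Override
    public boolean verify(String hostname, SSLSession session) {
        if (!expectedHost.equalsIgnoreCase(hostname)) {
            return false;
        }
        try {
            Certificate leaf = session.getPeerCertificates()[0];
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(leaf.getEncoded());
            return MessageDigest.isEqual(actual, pinnedSha256);
        } catch (Exception e) {
            return false; // unverified peer or encoding failure: reject
        }
    }

    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        URL url = new URL(args[0]);   // e.g. https://azizkhanihost:<port>/
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Per-connection verifier: other HTTPS calls keep the default check.
        conn.setHostnameVerifier(new PinnedHostVerifier(url.getHost(), args[1]));
        System.out.println("HTTP status: " + conn.getResponseCode());
    }
}
```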

 



Import PKCS12 private keys into JKS keystores using Java Keytool

June 8, 2014 20:31 by author Administrator

  1. Create an empty JKS store
    keytool -genkey -alias alice -keystore alice.jks
    keytool -delete -alias alice -keystore alice.jks
  2. Import alice.p12 into alice.jks
    keytool -v -importkeystore -srckeystore alice.p12 -srcstoretype PKCS12 -destkeystore alice.jks -deststoretype JKS


managing and examining keystores by (Portecle software)

June 8, 2014 20:24 by author Administrator

Portecle is a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more.

  • Create, load, save, and convert keystores.
  • Generate DSA and RSA key pair entries with self-signed version 1 X.509 certificates.
  • Import X.509 certificate files as trusted certificates.
  • Import key pairs from PKCS #12 and PEM bundle files.
  • Clone and change the password of key pair entries and keystores.
  • View the details of certificates contained within keystore entries, certificate files, and SSL/TLS connections.
  • Export keystore entries in a variety of formats.
  • Generate and view certification requests (CSRs).
  • Import Certificate Authority (CA) replies.
  • Change the password of key pair entries and keystores.
  • Delete, clone, and rename keystore entries.
  • View the details of certificate revocation list (CRL) files.

http://portecle.sourceforge.net/images/portecle.png



create trustStore from .cert file

June 8, 2014 20:09 by author Administrator

 

keytool -import -file C:\certificate.cert -alias firstCA -keystore myTrustStore

 



About the author

Welcome to this website. This page has two purposes: sharing information about my professional life, such as articles, presentations, etc.
This website is also a place where I would like to share content I enjoy with the rest of the world. Feel free to take a look around and read my blog.


Java,J2EE,Spring Framework,JQuery,

Hibernate,NoSql,Cloud,SOA,Rest WebService and Web Stack tech...
