jsse

工作中会遇到https请求和接受相关的问题，这篇文章介绍的挺不错，转来记录一下，抽时间还会在这篇文章的基础上增加一些自己理解的东东。 摘 要 JSSE是一个SSL和TLS的纯Java实现，通过JSSE可以很容易地编程实现对HTTPS站点的访问。但是，如果该站点的证书未经权威机构的验证，JSSE将拒绝信任该证书从而不能访问HTTPS站点。本文在简要介绍JSSE的基础上提出了两种解决该问题的方法。 　　 引言 　　过去的十几年，网络上已经积累了大量的Web应用。如今，无论是整合原有的Web应用系统，还是进行新的Web开发，都要求通过编程来访问某些Web页面。传统的方法是使用Socket接口，但现在很多开发平台或工具如.NET、Java或PHP等都提供了简单的Web访问接口，使用这些接口很容易编程实现与Web应用系统的交互访问，即使要访问那些采用了HTTPS而不是HTTP的Web应用系统。 　　HTTPS，即安全的超文本传输协议，采用了SSL技术，被广泛使用以保证Web应用系统的安全性。访问Web应用的编程接口大多封装了SSL，使得访问HTTPS和访问HTTP一样简单。但是很多中、小型应用系统或基于局域网、校园网的应用系统所使用的证书并不是由权威的认证机构发行或者被其验证，直接使用这些编程接口将不能访问HTTPS。 　　本文将在简要介绍JSSE的基础上

I just installed Ubuntu 15.10 and their openjdk-8-jdk (by apt-get). Now I am missing the cacerts file. There is a link at the usual location: ls -l /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts lrwxrwxrwx 1 root root 27 Oct 22 01:47 /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts -> /etc/ssl/certs/java/cacerts but nothing at /etc/ssl/certs/java/cacerts: stat /etc/ssl/certs/java/cacerts stat: cannot stat ‘/etc/ssl/certs/java/cacerts’: No such file or directory This is due to a bug already reported here: Ubuntu bug ticket The ticket above links another similar issue ,

I have a RSA private key file (OCkey.pem). Using java i have to get the private key from this file. this key is generated using the below openssl command. Note : I can't change anything on this openssl command below. openssl> req -newkey rsa:1024 -sha1 -keyout OCkey.pem -out OCreq.pem -subj "/C=country/L=city/O=OC/OU=myLab/CN=OCserverName/" -config req.conf The certificate looks like below. /////////////////////////////////////////////////////////// bash-3.00$ less OCkey.pem -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,EA1DBF8D142621BF BYyZuqyqq9

I want to create an app use SSLSocket : client send a String to server and server will uppercase that String and send back to client for display. SSLServer public class SSLServer { public static void main(String args[]) throws Exception { try{ //Creaet a SSLServersocket SSLServerSocketFactory factory=(SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket sslserversocket=(SSLServerSocket) factory.createServerSocket(1234); //Tạo 1 đối tượng Socket từ serversocket để lắng nghe và chấp nhận kết nối từ client SSLSocket sslsocket=(SSLSocket) sslserversocket.accept(); //Tao cac

I have been tasked to implement a custom/standalone Java webserver that can process SSL and non-SSL messages on the same port. I have implemented an NIO server and its working quite well for non-SSL requests. I am having a heck of a time with the SSL piece and could really use some guidance. Here's what I have done so far. In order to distinguish between SSL and non-SSL messages, I check the first byte of the inbound request to see if it is a SSL/TLS message. Example: byte a = read(buf); if (totalBytesRead==1 && (a>19 && a<25)){ parseTLS(buf); } In the parseTLS() method I instantiate an

How can one programmatically obtain a KeyStore from a PEM file containing both a certificate and a private key? I am attempting to provide a client certificate to a server in an HTTPS connection. I have confirmed that the client certificate works if I use openssl and keytool to obtain a jks file, which I load dynamically. I can even get it to work by dynamically reading in a p12 (PKCS12) file. I'm looking into using the PEMReader class from BouncyCastle, but I can't get past some errors. I'm running the Java client with the -Djavax.net.debug=all option and Apache web server with the debug