Java SSL - sslecho SSL socket communication with client certificate




1 of 5 Java SSL socket sample - Kobu.Com 12/25/2012 1:18 PM

Download: sslecho.zip

Introduction

SSL socket support (JSSE) is included as standard in Java 2 Standard Edition 1.4.x. A developer can easily protect his or her own network service with SSL, and can just as easily connect to an SSL-based Web server (specify "https:" for the URL class, or use the HttpsURLConnection class).

A notable point of this sample is that the client side also supplies its public key certificate. In SSL communication the server side always presents its certificate, so the client can verify the identity of the server. Usually, however, the client need not present a certificate, and the server does not authenticate the client. In this sample the client also supplies its certificate, so authentication is done in both directions, which is effective in situations where higher security is required.

I took some sample code in O'Reilly's "Java Network Programming" written by Elliotte Rusty Harold as a starting point.

Files

    server/server.class   Executable file for server <- Deleted (please compile)
    server/server.java    Source file for it
    server/server.jks     Keystore holding server's private key (example)
    server/server.cer     Public key certificate for that private key (example)
    server/clients.jks    Truststore of certificates that the server trusts
    client/client.class   Executable file for client <- Deleted (please compile)
    client/client.java    Source file for it
    client/client.jks     Keystore holding client's private key (example)

    client/client.cer     Public key certificate for that private key (example)
    client/servers.jks    Truststore of certificates that the client trusts
    sslecho.html          This page

Execution

Run the server on one machine, and run the client on another machine. You can also run both on the same machine. Change directory to "server" before running the server, and to "client" before running the client.

    C:\SSLECHO> cd server
    C:\SSLECHO\SERVER> java server

    C:\SSLECHO> cd client
    C:\SSLECHO\CLIENT> java client -host <server-name>

<server-name> is the name or IP address of the machine where the server is running. Specify "localhost" for <server-name> if you use one machine for running both. The server can handle any number of clients at the same time.

When the connection is made, characters typed at the client are sent line by line, and the server returns the same characters to the client. These are displayed on the client screen. To quit, type a line containing only a period (.) at the client.

    server = www.ssjava.net:7000
    factory created
    socket created
    sender started
    receiver started
    handshake completed
    getciphersuite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    getprotocol: TLSv1
    getpeerhost: www.ssjava.net
    Cert #0: CN=Sample echo server, OU=Tech, O=Kobu.Com,...
    Hello server
    Hello server
    Bye bye server
    Bye bye server.
    sender exit.
    receiver exit

By default, a certificate is presented only by the server. If you specify the "-clientauth" option, the client must also present its certificate for the connection to succeed.

    C:\SSLECHO\SERVER> java server -clientauth

    C:\SSLECHO\CLIENT> java client -host <server-name> -clientauth

Recompile

Here is how to recompile the server and client sources respectively.

    C:\SSLECHO\> cd server
    C:\SSLECHO\SERVER> javac server.java

    C:\SSLECHO\> cd client
    C:\SSLECHO\CLIENT> javac client.java

Creating keystore and truststore

As you can see in the list of files, the files necessary for operating an SSL application are already included in this sample. Here is a description of how to create these files. See the description of "keytool" in the documentation for the tools included in Java.

Preparation of server-side certificate (mandatory)

First, create a private key for the server in the server's private key storage (called a keystore). The next example creates a private key named "server" (the name is called an alias) in a keystore named "server.jks." In the sample code, the single password "changeit" is used for all keystores and private keys.

    keytool -genkey -keystore server.jks -alias server

Next, extract the public key for the private key created above into a certificate file called "server.cer."

    keytool -export -keystore server.jks -alias server -file server.cer

Finally, add this server certificate to the storage of trusted public key certificates (called a truststore) used by the client. Here, store the certificate saved in the file "server.cer" in the truststore named "servers.jks" and give the certificate the name "server1."

    keytool -import -keystore servers.jks -alias server1 -file server.cer

Place the server's keystore (singular "server.jks") in the same directory as "server.class." Place the truststore (plural "servers.jks") for the client in the same directory as "client.class."

Notes:

Keytool generates a DSA algorithm key pair by default. RSA keys are used in SSL-based Web servers. Specify "-keyalg RSA" for keys in the SSL certificate.

Keytool outputs a binary-format certificate file by default. To output in the RFC1421 text format, specify "-rfc." You don't have to specify the format when you import a certificate.

Preparation of client-side certificate (when -clientauth is used)

The procedure is the same as for the server certificate. First, create the client's private key (aliased as "client") in the client's keystore ("client.jks").

    keytool -genkey -keystore client.jks -alias client

Next, extract the public key certificate into "client.cer."

    keytool -export -keystore client.jks -alias client -file client.cer

Add this certificate to the server's truststore (clients.jks) with the name "client1."

    keytool -import -keystore clients.jks -alias client1 -file client.cer

Place the client's keystore (singular "client.jks") in the same directory as "client.class." Place the truststore (plural "clients.jks") for the server in the same directory as "server.class."

Locations of default keystore and truststore

This sample keeps the private key storage (keystore) and certificate storage (truststore) in the same directory as the class file so that you don't have to change the existing Java settings. However, if you place the truststore in the JSSE default location (<java.home>/jre/lib/security/jssecacerts), you don't have to specify the store location explicitly as the sample code does.

Certificates bundled with this sample are self-signed certificates created by Kobu.Com with the above procedures. If you are going to use certificates signed by a third party (certificate authorities such as Verisign and Thawte), the authority's certificate must be in your truststore. In that case, the signed certificate itself need not be in the truststore.

Certificates of some well-known certificate authorities are already in Java's default truststore (<java.home>/jre/lib/security/cacerts).
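
The server-side setup described above (own key in "server.jks", trusted client certificates in "clients.jks", password "changeit", client certificate required as with "-clientauth"), written out as an added example. It is not the sslecho source; the class name MutualTlsEchoServer and the single-connection handling are assumptions, and port 7000 is taken from the sample output.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example, not the sslecho source. Class name is an assumption;
// file names, password and port follow the values shown on this page.
public class MutualTlsEchoServer {

    // Build an SSLContext from an explicit keystore (own private key)
    // and an explicit truststore (certificates accepted from peers).
    static SSLContext buildContext(String keyStorePath, String trustStorePath, char[] password)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, password), password);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, password));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext("server.jks", "clients.jks", "changeit".toCharArray());
        try (SSLServerSocket listener =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(7000)) {
            // The handshake fails unless the client presents a certificate
            // that chains to an entry in clients.jks.
            listener.setNeedClientAuth(true);
            try (SSLSocket peer = (SSLSocket) listener.accept();
                 BufferedReader in = new BufferedReader(new InputStreamReader(peer.getInputStream()));
                 PrintWriter out = new PrintWriter(peer.getOutputStream(), true)) {
                // getSession() completes the handshake before the certificate is read.
                X509Certificate cert = (X509Certificate) peer.getSession().getPeerCertificates()[0];
                System.out.println("client: " + cert.getSubjectX500Principal().getName());
                for (String line; (line = in.readLine()) != null && !line.equals("."); ) {
                    out.println(line); // echo until the client sends a lone period
                }
            }
        }
    }
}
```

Run it from the "server" directory so the relative store paths resolve. A client whose certificate was never imported into "clients.jks" is rejected during the handshake, before any application data is exchanged.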

See the Java documents related to security and the JSSE reference manual for details.

Reference

O'Reilly "Java Network Programming, 2nd Edition" Elliotte Rusty Harold
Java document "Java Secure Socket Extension (JSSE) Reference Guide" (docs/guide/security/jsse/jsserefguide.html)
Java document "keytool - Key and Certificate Management Tool" (docs/tooldocs /windows solaris/keytool.html)

Written: Apr 28, 2003
Written by: ARAI Bunkichi
Presented by: Kobu.Com (www.kobu.com/en)

The published sample code is a prototype and is not complete. Please refrain from duplicating the sample code and its document in another place.

Copyright 2003 Kobu.Com. All rights reserved.