LanguagesNamedAfterCofee

Reputation: 5952

SSL Communication Java

I have generated self-signed certificates for an admin instance of my app and a judge instance of my app. These instances are running on different machines and they both have copies of each other's certificates and their own. I want to communicate between these two, and I am wondering whether my current approach is the correct way to do so:

CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate certificate = cf.generateCertificate(new FileInputStream(...));

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, "test".toCharArray());
keyStore.setCertificateEntry("admin", certificate);

// Code omitted which repeats the above to set the judge certificate

TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);

factory = ctx.getSocketFactory(); // Or #getServerSocketFactory() if admin and not judge

With this I will be able to securely communicate with the two instances, correct?

Upvotes: 0

Views: 102

Answers (1)

user207421

Reputation: 311023

No. The KeyManager needs a keystore with a key entry, not a certificate entry. Just use keystore files as intended by the designers of JSSE.

Upvotes: 3
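
An added example, not part of the original question or answer: one way to build the `SSLContext` from keystore files, with the instance's own key entry feeding the `KeyManagerFactory` and the peer's certificate feeding the `TrustManagerFactory`. The class name `MutualTlsContext`, the PKCS12 file arguments and the `STORE_PASSWORD` environment variable are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

public final class MutualTlsContext {
    // Load a PKCS12 keystore file, e.g. one produced with keytool.
    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // identity: this instance's private key + certificate (a key entry).
    // trusted:  the peer's certificate only (a certificate entry).
    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trusted) throws Exception {
        // A store holding only certificate entries gives the KeyManager nothing to present.
        boolean hasKey = false;
        for (String alias : Collections.list(identity.aliases())) {
            hasKey |= identity.isKeyEntry(alias);
        }
        if (!hasKey) throw new IllegalStateException("identity keystore has no private key entry");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage (file names and STORE_PASSWORD are assumptions): java MutualTlsContext admin.p12 trust.p12
    public static void main(String[] args) throws Exception {
        char[] pw = System.getenv("STORE_PASSWORD").toCharArray();
        SSLContext ctx = build(load(Path.of(args[0]), pw), pw, load(Path.of(args[1]), pw));
        // Listening side: require a client certificate so both ends authenticate.
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true);
            System.out.println("TLS listener ready on port " + server.getLocalPort());
        }
    }
}
```

The connecting side uses the same `build` call with its own identity file and obtains its sockets from `ctx.getSocketFactory()`.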
