Reputation: 5963
I've got a brief assignment for class which is to extend a simple Java server to support SSL on Ubuntu.
Ok, so to start, I did this:
    private static SSLServerSocketFactory factory;
    private static SSLServerSocket serverSocket;

    public SimpleWebServer () throws Exception {
        //dServerSocket = new ServerSocket (PORT);
        factory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
        serverSocket = (SSLServerSocket)factory.createServerSocket(8081);
    }

    public void run() throws Exception {
        while (true) {
            /* wait for a connection from a client */
            //Socket s = dServerSocket.accept();
            SSLSocket s = (SSLSocket)serverSocket.accept();
            /* then process the client's request */
            processRequest(s);
        }
    }
Seems mostly fine, I run the server as follows:
    java -Djavax.net.ssl.keyStore=com/learnsecurity/keystore.jks -Djavax.net.ssl.keyStorePassword=123456 com/learnsecurity/SimpleWebServer

However, when I send a request to https://localhost:8081 from Firefox, the server bombs out on me with this junk:

    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1796)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1039)
        at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1574)
        at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122)
        at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:705)
        at sun.security.ssl.ServerHandshaker.sendChangeCipherAndFinish(ServerHandshaker.java:1297)
        at sun.security.ssl.ServerHandshaker.clientFinished(ServerHandshaker.java:1257)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:244)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:545)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:978)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1223)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:838)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:94)
        at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:282)
        at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:324)
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:176)
        at java.io.InputStreamReader.read(InputStreamReader.java:184)
        at java.io.BufferedReader.fill(BufferedReader.java:153)
        at java.io.BufferedReader.readLine(BufferedReader.java:316)
        at java.io.BufferedReader.readLine(BufferedReader.java:379)
        at com.learnsecurity.SimpleWebServer.processRequest(SimpleWebServer.java:62)
        at com.learnsecurity.SimpleWebServer.run(SimpleWebServer.java:45)
        at com.learnsecurity.SimpleWebServer.main(SimpleWebServer.java:178)
I generated the certificate by following this tutorial: http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html
I've been searching around trying to find a resolution, but I've had no luck. I'm thinking since the server IS running that it's something to do with the certificate. Could someone point me in the right direction?
Upvotes: 0
Views: 5186
Reputation: 5963
Ok, I'm not sure WHAT the hell happened here, but I somehow magically fixed it.
I wanted to see what was causing the exception, so I wrapped processRequest() with a try catch for a SSLHandshakeException. Suddenly, Firefox is yelling at me that the cert is untrusted (good sign). So I add the certificate from the server and all of a sudden the connection works. I close Firefox and try again, now it's broken again because of a NullPointerException. Ok, so I wrap my request parser with a NullPointerException try catch... now it's working with no problems. I don't even--can someone explain this madness?
Upvotes: 0
Reputation: 459
Your server is fine and it is ready to accept SSL connections from clients which it "trusts", meaning those whose certificates are available in the keystore of your server. And, in the above case, this is not true, because certificates in your Firefox are not listed in your server's keystore as trusted. So export your Firefox certificates and import them in your server's keystore as trusted certificates.
How to export certificates from Firefox
How to export certificates from Firefox 2
Upvotes: 1
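
An added example, not code from any of the posts above: in the trace, `recvAlert` shows that the `bad_certificate` alert was received by the server, that is, sent by the browser, which matches the follow-up where Firefox reports the self-signed certificate as untrusted. The sketch below keeps the accept loop alive when one handshake fails and handles a connection that closes before sending a request line. The class name `TolerantTlsServer` and the response body are assumptions; it is meant to be started with the same `-Djavax.net.ssl.keyStore` and `-Djavax.net.ssl.keyStorePassword` options as in the question.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

// Added example (hypothetical class name), not the asker's SimpleWebServer.
public class TolerantTlsServer {
    public static void main(String[] args) throws IOException {
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket server =
                (SSLServerSocket) factory.createServerSocket(8081)) {
            // false by default: the server does not ask clients for a certificate
            System.out.println("needClientAuth=" + server.getNeedClientAuth());
            while (true) {
                // One failed connection must not terminate the whole server.
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    handle(s);
                } catch (SSLException e) {
                    // e.g. "Received fatal alert: bad_certificate": the client
                    // rejected our certificate. Log it and keep serving.
                    System.err.println("TLS failure: " + e.getMessage());
                } catch (IOException e) {
                    System.err.println("I/O failure: " + e.getMessage());
                }
            }
        }
    }

    static void handle(SSLSocket s) throws IOException {
        s.startHandshake(); // fail here, not in the middle of request parsing
        BufferedReader in = new BufferedReader(
                new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
        String requestLine = in.readLine();
        if (requestLine == null) {
            return; // peer closed without sending a request; nothing to parse
        }
        // Constructed response body, only to show a completed exchange.
        byte[] body = "hello over TLS\n".getBytes(StandardCharsets.US_ASCII);
        OutputStream out = s.getOutputStream();
        out.write(("HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\nContent-Length: "
                + body.length + "\r\n\r\n").getBytes(StandardCharsets.US_ASCII));
        out.write(body);
        out.flush();
    }
}
```

Calling `startHandshake()` explicitly surfaces certificate rejection as an `SSLException` at a known point instead of from the first `readLine()`, and the `null` check covers the case behind the `NullPointerException` described in the follow-up post.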