Communication with server that support ssl in java

Question

I have a question for sslConnectionin java , I write below code for client side ( this application have to connect to server, I have server that support ssl )but I get this error” javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

How can I resolve my problem ?

  public static void main(String[] args)  {
              BufferedReader in = new BufferedReader(
                 new InputStreamReader(System.in));
              PrintStream out = System.out;
              SSLSocketFactory f = 
                 (SSLSocketFactory) SSLSocketFactory.getDefault();
              try {
                 SSLSocket c =
                   (SSLSocket) f.createSocket("192.168.10.38", 7701);
                   printSocketInfo(c);
                   System.out.println("End printSocketInfo");
                   c.startHandshake();
                   System.out.println("HandShake oK");

                   BufferedWriter w = new BufferedWriter(
                    new OutputStreamWriter(c.getOutputStream()));
                   BufferedReader r = new BufferedReader(
                    new InputStreamReader(c.getInputStream()));
                   String m = null;
                // String m=
                 while ((m=r.readLine())!= null) {
                     System.out.println("11111");
                    out.println(m);
                    m = in.readLine();
                    System.out.println("M is:  "+ m);
                    w.write(m,0,m.length());
                    w.newLine();
                    w.flush();
                 }
                 w.close();
                 r.close();
                 c.close();
              } catch (IOException e) {
                 System.err.println(e.toString());
              }



 }

     private static void printSocketInfo(SSLSocket s) {
          System.out.println("Socket class: "+s.getClass());
          System.out.println("   Remote address = "
             +s.getInetAddress().toString());
          System.out.println("   Remote port = "+s.getPort());
          System.out.println("   Local socket address = "
             +s.getLocalSocketAddress().toString());
          System.out.println("   Local address = "
             +s.getLocalAddress().toString());
          System.out.println("   Local port = "+s.getLocalPort());
          System.out.println("   Need client authentication = "
             +s.getNeedClientAuth());
          SSLSession ss = s.getSession();
          System.out.println("   Cipher suite = "+ss.getCipherSuite());
          System.out.println("   Protocol = "+ss.getProtocol());
       }

I have a certificate file, how have to use this certificate?

Best Regards

Answer 1

Is it Self Signed certificate

If yes then you have two options First Option :

Import Certificate authority certificate in Global Java Certificate Trust store. This store is located at

%Java Installation%/jre/lib/security/cacerts

To import it you can use Keytool command which comes with java installation

keytool -import -alias keyName -file yourcertificate.crt -keystore cacerts

Advantage:

• No code modification needed.
• Simple to deploy

Disadvantage:

• cacert file will be overwritten in next java update. You have to import certificate again.
• Requires administrative privileges (both on Linux and windows)

---

Second Option :

If you want to bypass certificate validation follow Java: Overriding function to disable SSL certificate check

Else create new Trust store for your program

keytool -import -alias keyName -file yourcertificate.crt -keystore yourtruststore

This command will ask for password two times. Enter any password you want and input "yes" for any questions A file will be created at current directory by name "yourtruststore"

Now you need to use this trust store in your program

SSLSocketFactory sslFactory = null;
InputStream trustStore = null;
KeyStore keyStore = null;
trustStore = new FileInputStream("<your trust store absolute path>");
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(trustStore, "<your trust store password>".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
sslFactory = ctx.getSocketFactory();

You can use this socket factory to open new sockets

Answer 2

You have to put the HTTPS certificate to your JVM. To get the certificate from the HTTPS, go through a browser, then click on the "lock" logo on the address bar. You should be able to export the certificate.

Solution for Linux: In $JAVA_HOME/jre/lib/security, use this command:

sudo keytool -import -alias keyName -file /[pathForYourKey]/keyName.cert -keystore cacerts

Default password for "cacerts" is changeit.