CODEWITHSUNDEEP
javasocketsssl
Satheesh
Satheesh

Reputation: 3

Connect to Server using SSL Socket with the help of certificate

I have a SSL Server which is written in Java using SSL Socket.Server is running properly.Now i need to connect to Server using client app.

Client code:

System.setProperty("javax.net.ssl.trustStore", "C:\\cacerts.jks");        
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

try {
    SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("127.0.0.1", 800);

    InputStream inputstream = System.in;
    InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
    BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

    OutputStream outputstream = sslsocket.getOutputStream();
    OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
    BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);

    bufferedwriter.write("test"+"\n");
    bufferedwriter.flush();
    bufferedwriter.close();

} catch (Exception exception) {
    exception.printStackTrace();
}

In the above code,i'm using the same keystore file as truststore.

Is this good idea to use same keystore file as truststore at client side? if not how can i connect to server in secure manner?

Upvotes: 0

Views: 947

Answers (1)

user207421
user207421

Reputation: 310840

In the above code,i'm using the same keystore file as truststore.

No you're not. You're only using a truststore. If you're using a keystore, you must specify it:

System.setProperty("javax.net.ssl.keyStore", ...);        
System.setProperty("javax.net.ssl.keyStorePassword", ...);

and you should certainly not use the same file for both.

Upvotes: 1

Related Questions