Java Security - Newbie ?: SSL from java thick client to windows server

Author

Newbie ?: SSL from java thick client to windows server

SmlHpy

2005-01-31, 4:01 pm

Hi - first I apologize because I have no idea what I am doing. I was
tasked with trying to get this to work and I don't even know Java! :)
We are trying to implement SSL from a Java thick client to a webservice
on a windows server. We created a self signed certificate on the
server. We can access the site through a browser using https and
accepting the certificate. What I can't get to work is logging on via
the java client. I get a "can't find trusted certificate" error. I've
installed the certificate in several "places" on my machine. Bear with
me here, because I don't know what this is, but I used mmc and placed
the certificat in personal,trusted root certificate and intermediate
certificate directories. I also thought I installed it through the
properties of the default website in IIS. We also added it to the
cacerts keystore. People have told me that if I install the certificate
correctly on the client machine, I won't need any code change in the
source code other than changing the original call from http to https.
But I don't know what I'm doing and it's not working. I can't find a
list of "steps" anywhere. That would be helpful. Does it matter that
it's a thick client and not a thin client? Any thoughts would be
appreciated as I'm pulling my hair out cause I just don't know what I
am doing! Thanks so much. :)

Edward A. Feustel

2005-01-31, 8:59 pm

"SmlHpy" <jennifer.renth@ngc.com> wrote in message
news:1107192548.451833.86750@f14g2000cwb.googlegroups.com...
> Hi - first I apologize because I have no idea what I am doing. I was
> tasked with trying to get this to work and I don't even know Java! :)
> We are trying to implement SSL from a Java thick client to a webservice
> on a windows server. We created a self signed certificate on the
> server. We can access the site through a browser using https and
> accepting the certificate. What I can't get to work is logging on via
> the java client. I get a "can't find trusted certificate" error. I've
> installed the certificate in several "places" on my machine. Bear with
> me here, because I don't know what this is, but I used mmc and placed
> the certificat in personal,trusted root certificate and intermediate
> certificate directories. I also thought I installed it through the
> properties of the default website in IIS. We also added it to the
> cacerts keystore. People have told me that if I install the certificate
> correctly on the client machine, I won't need any code change in the
> source code other than changing the original call from http to https.
> But I don't know what I'm doing and it's not working. I can't find a
> list of "steps" anywhere. That would be helpful. Does it matter that
> it's a thick client and not a thin client? Any thoughts would be
> appreciated as I'm pulling my hair out cause I just don't know what I
> am doing! Thanks so much. :)
>
>
Still need to know: where is the "can't find trusted certificate" error
occurring? client platform?
server platform? What tool was used to build the client application?
MS-Java? etc. --
each Java stores its certificates in a different place! Did you use the
mozilla java security library (JSS?) and NSS tools? If so, which version? --
the databases used are different!
Did the server request "mutual authentication" of the ssl library? Which one
are you using anyway?

Regards,
Ed

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= East/West-Coast Server Farms - Total Privacy via Encryption =---

jnagy

2005-02-01, 4:03 am

You can find the appropriate default directory by using the below
getproperty commands

System.out.println(System.getProperty("javax.net.ssl.trustStore"));
System.out.println(System.getProperty("javax.net.ssl.trustStorePassword"));

On my machine I get null for all of these, so setting them may be the
first step. It may be worth noting that java does not interface with
the windows trust stores in any way, at least not by default.

J N

SmlHpy

2005-02-01, 4:01 pm

I get the trusted certificate error when loggin on via the client. I
don't know how to tell any more. Client is developed in JBuilder.
Unfortunately I don't know the answers to the other questions. I don't
know what the JSS and NSS tools are so I haven't used them I guess. I
also didn't set up the server. I was told that was done correctly and
to get it to work on the client. Again, I wish I knew more. I just
don't know any of this technology. I've skimmed through J2EE security
by Pankaj Kumar. Even tried to just get a short program from the book
- GetUrl to work. Won't work when using https. ????

J N - I get null for both properties as well. What does that mean and
how do I set them - through code?

jnagy

2005-02-03, 4:00 am

Try the JSSE Reference Guide. Particularly section dealing with
setting up a keystore with the keytool utility.
http://java.sun.com/j2se/1.4.2/docs...SERefGuide.html

Once you have a keystore, you can make use of it in your client by
setting the trustStore properties. You can do that either in the code
or on the commandline when invoking the JVM (also covered in the
Reference Guide).

J N

Boris Tabenkin

2005-06-11, 3:58 am

jnagy wrote:
> Try the JSSE Reference Guide. Particularly section dealing with
> setting up a keystore with the keytool utility.
> http://java.sun.com/j2se/1.4.2/docs...SERefGuide.html
>
> Once you have a keystore, you can make use of it in your client by
> setting the trustStore properties. You can do that either in the code
> or on the commandline when invoking the JVM (also covered in the
> Reference Guide).
>
> J N
>
I have a similar problem, what are the exact steps for a client to talk
to a server running a self signed key. I want to do this form a thick
client as well as an applet.

How do you do this from code?

(Please see my other post)

Sponsored Links