This discussion is archived
4 Replies Latest reply: Apr 27, 2012 4:45 PM by EJP RSS

How to create client SSL connection without a certificate

user614224 Newbie
Currently Being Moderated
Hello,

I am a total SSL newbie. I have to connect to a 3rd party app via a SSL/TCP connection (not https). They vendor provided example code that works under C#. I need to emulate the same connection method, but in Java. The C# code looks something like this:

client = new TcpClient(hostName, int.Parse(clientPort));
sslStream = new SslStream(client.GetStream(), ...);
sslStream.AuthenticateAsClient(serverName);

So, I am provided with only three input parameters - host name, port, and a "server name". It appears that the .net runtime function, AuthenticateAsClient, lets you authenticate the connection with just the service name (not sure if that is the correct designation). There is no certificate of any kind on the client machine that is connection to the SSL server. Although I have found many SSL/Java examples on the web, I don't know what the construct/function calls would be in a Java environment to emulate the behavior of this AuthenticateAsClient function. Any help ig greately appreciated.

Thanks!
Leor
  • 1. Re: How to create client SSL connection without a certificate
    EJP Guru
    Currently Being Moderated
    You don't need an SSL certificate as client unless the server requires one ... in which case you, err, do.

    See the JSSE Reference Guide and code samples.
  • 2. Re: How to create client SSL connection without a certificate
    user614224 Newbie
    Currently Being Moderated
    OK, thanks.
  • 3. Re: How to create client SSL connection without a certificate
    user614224 Newbie
    Currently Being Moderated
    OK, I looked at the tutorials, and am still missing some key bit of knowledge. Here is my example code:

              SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
         SSLSocket sslsocket = (SSLSocket)sslsocketfactory.createSocket("usatl-w-100624", 11000);
         InputStream inputstream = System.in;
         InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
         BufferedReader in = new BufferedReader(inputstreamreader);
         OutputStream outputstream = sslsocket.getOutputStream();
         OutputStreamWriter ow = new OutputStreamWriter(outputstream);
         
         sslsocket.startHandshake();

    On the call to startHandshake(), I get this error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    Of couse, this is expected, as I do not have a certificate in the java keystore. If I look at the JSSE examples, here: http://docs.oracle.com/javase/1.4.2/docs/guide/security/jsse/samples/index.html
    The SSLSocketClientWithClientAuth.java example looked relevant. However, it also is requesting a file path. My C# example does not access any file on the client. So, how do you do the equivalent in Java?
  • 4. Re: How to create client SSL connection without a certificate
    EJP Guru
    Currently Being Moderated
    Of couse, this is expected, as I do not have a certificate in the java keystore.
    No. That message means that your truststore doesn't trust the server's certificate.

    They are using a self-signed certificate. They need to export it to you and you need to import it into your truststore.

    You don't need to call startHandshake(), it is automatic on the first I/O.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points