4 Replies Latest reply: Apr 27, 2012 6:45 PM by EJP RSS

    How to create client SSL connection without a certificate

    user614224
      Hello,

      I am a total SSL newbie. I have to connect to a 3rd party app via a SSL/TCP connection (not https). They vendor provided example code that works under C#. I need to emulate the same connection method, but in Java. The C# code looks something like this:

      client = new TcpClient(hostName, int.Parse(clientPort));
      sslStream = new SslStream(client.GetStream(), ...);
      sslStream.AuthenticateAsClient(serverName);

      So, I am provided with only three input parameters - host name, port, and a "server name". It appears that the .net runtime function, AuthenticateAsClient, lets you authenticate the connection with just the service name (not sure if that is the correct designation). There is no certificate of any kind on the client machine that is connection to the SSL server. Although I have found many SSL/Java examples on the web, I don't know what the construct/function calls would be in a Java environment to emulate the behavior of this AuthenticateAsClient function. Any help ig greately appreciated.

      Thanks!
      Leor
        • 1. Re: How to create client SSL connection without a certificate
          EJP
          You don't need an SSL certificate as client unless the server requires one ... in which case you, err, do.

          See the JSSE Reference Guide and code samples.
          • 3. Re: How to create client SSL connection without a certificate
            user614224
            OK, I looked at the tutorials, and am still missing some key bit of knowledge. Here is my example code:

                      SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
                 SSLSocket sslsocket = (SSLSocket)sslsocketfactory.createSocket("usatl-w-100624", 11000);
                 InputStream inputstream = System.in;
                 InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                 BufferedReader in = new BufferedReader(inputstreamreader);
                 OutputStream outputstream = sslsocket.getOutputStream();
                 OutputStreamWriter ow = new OutputStreamWriter(outputstream);
                 
                 sslsocket.startHandshake();

            On the call to startHandshake(), I get this error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

            Of couse, this is expected, as I do not have a certificate in the java keystore. If I look at the JSSE examples, here: http://docs.oracle.com/javase/1.4.2/docs/guide/security/jsse/samples/index.html
            The SSLSocketClientWithClientAuth.java example looked relevant. However, it also is requesting a file path. My C# example does not access any file on the client. So, how do you do the equivalent in Java?
            • 4. Re: How to create client SSL connection without a certificate
              EJP
              Of couse, this is expected, as I do not have a certificate in the java keystore.
              No. That message means that your truststore doesn't trust the server's certificate.

              They are using a self-signed certificate. They need to export it to you and you need to import it into your truststore.

              You don't need to call startHandshake(), it is automatic on the first I/O.