4 Replies. Latest reply: Jul 4, 2012 10:30 AM by 931685

Connecting SSL certificate to SSLServer socket and client

931685 Newbie
I have been working on the SSL socket for 3 days. Fortunately I have learnt how to create a certificate, a server and a client. But I am having problems enabling my server to see the certificate that I created.

The last code I created displayed an error saying NoSuchAlgorithmException.

The certificate name is server.cer
keystore private key is server.jks
truststore is servers.jks


This is the code to call the certificate in my server code

System.setProperty("javax.net.ssl.keyStore","server.jks");
System.setProperty("javax.net.ssl.keyStorePassword","badskliz");
System.setProperty("javax.net.ssl.keyStoreType","SunX509");

//This is the settings for the truststore
System.setProperty("javax.net.ssl.trustStore","servers.jks");
System.setProperty("javax.net.ssl.trustStorePassword","badskliz");

//register an https protocol handler to service the network
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");

SSLServerSocketFactory sslserversocketfactory =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslserversocket =
(SSLServerSocket) sslserversocketfactory.createServerSocket(443);
SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();




This is the exact code. Thanks for your perusal.
  • 1. Re: Connecting SSL certificate to SSLServer socket and client
    EJP Guru
    It doesn't make sense to define the keystore and the truststore as being the same file. The keystore contains the server's private key and is unique to the server. The truststore contains certificates whose signatures the server should trust if provided by clients. It serves a completely different purpose. It is usually sufficient to let the truststore default to the one distributed with the JDK.
    "The last code I created displayed an error saying NoSuchAlgorithmException"
    Please post the full exception message and stack trace with an indication of which line of your code it is thrown at.
    //register an https protocol handler to service the network
    System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
    You haven't needed this line of code for about eight years.
  • 2. Re: Connecting SSL certificate to SSLServer socket and client
    931685 Newbie
    This is the complete exception error message:

    java.security.NoSuchAlgorithmException: server.jks TrustManagerFactory not available
         at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
         at javax.net.ssl.TrustManagerFactory.getInstance(TrustManagerFactory.java:120)
         at SecureServer.<init>(SecureServer.java:44)
         at SecureServer.main(SecureServer.java:72)
    BUILD SUCCESSFUL (total time: 1 second)


    TrustManagerFactory trust = (TrustManagerFactory)TrustManagerFactory.getInstance("server.jks"); // Line 44



    Please EJP, I am a little bit confused about the truststore file. Is it supposed to be the .cer file? According to the tutorial guide that I used in creating my SSL certificate:

    server.jks ------------ is the keystore (private key)
    server.cer ------------- is the certificate (public key) which I created by exporting the server.jks file
    server.jks --------------- is the truststore that should be kept in the client side of the application.


    I have tried changing the truststore file to be server.cer

    but it still throws the same exception.

    I am kind of new to the SSL stuff so I am still learning the fundamentals. Please could you shed more light on creating the keystore and truststore and calling them in your application for the authentication and encryption process.

    Thanks for your perusal and time, I really appreciate it.
  • 3. Re: Connecting SSL certificate to SSLServer socket and client
    EJP Guru
    The server doesn't need a truststore.

    The client only needs a custom truststore if the server certificate is self-signed, and the proper solution to that is to get the server certificate signed by a CA.

    Your code says servers.jks but the exception says server.jks, so somewhere you are confused about what this filename really is.

    The truststore is a JKS file created by the keytool utility. You import .crt files into it.
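
The keystore/truststore split from replies 1 and 3, as an added example that is not code from either poster: the store type ("JKS") goes to KeyStore.getInstance, the file name goes to load(), and each factory's getInstance() takes an algorithm name, which is why passing "server.jks" there raised NoSuchAlgorithmException. The class and method names, the STORE_PASSWORD environment variable, port 8443 and a key password equal to the store password are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example, not the poster's SecureServer; class and method names are hypothetical.
public class TlsContexts {

    // The file name belongs here: "JKS" is the store type, the path goes to load().
    static KeyStore loadJks(String file, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            store.load(in, password);
        }
        return store;
    }

    // Server: keystore with the private key; no truststore unless client certs are requested.
    static SSLContext serverContext(String keyStoreFile, char[] password) throws Exception {
        // getInstance() takes an algorithm name (e.g. "SunX509", "PKIX"), never a file name.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStoreFile, password), password); // assumes key password == store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null trust managers = JDK defaults
        return ctx;
    }

    // Client: custom truststore holding the imported self-signed server certificate.
    static SSLContext clientContext(String trustStoreFile, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStoreFile, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server-only authentication
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed usage: STORE_PASSWORD=... java TlsContexts server.jks servers.jks
        char[] password = System.getenv("STORE_PASSWORD").toCharArray();
        SSLContext server = serverContext(args[0], password);
        SSLContext client = clientContext(args[1], password);
        try (SSLServerSocket socket = (SSLServerSocket) server.getServerSocketFactory().createServerSocket(8443)) {
            System.out.println("Server listening on " + socket.getLocalPort()
                    + "; client protocol: " + client.getProtocol());
        }
    }
}
```

Both files are expected to exist already, created with keytool as the replies describe; reading the password from the environment keeps it out of the source, unlike the System.setProperty calls in the question.
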
  • 4. Re: Connecting SSL certificate to SSLServer socket and client
    931685 Newbie
    Thanks for your solution. I would go back to the code.

    "The client only needs a custom truststore if the server certificate is self-signed"

    How can I create a custom truststore?


    "the proper solution to that is to get the server certificate signed by a CA."


    Can't I use a self-signed certificate for a real-world application without signing it by a CA?
