This discussion is archived
6 Replies Latest reply: Dec 22, 2010 10:49 AM by 825461 RSS

Working with SSL in the emulator

843851 Newbie
Currently Being Moderated
Hi!
I am trying to develop an application that uses SSL to communicate with the host. To test this I have got a certificate installed on my computer for SSL communication and it works in both Internet Explorer and Firefox (where I had to add an exception to allow it). I now try to add it to the emulator.

As far as I have understood this is a two step process. I first have to add it to my Java SE keystore, and then export it from the Java SE keystore to the Java ME keystore. I have done that with the mekeytool and added it to the default keystore, but still it does not work. Also when I open 'Manage Certificate Authorities' in the emulator my certificate is not in the list, but when I use mekeytool -list command it is. What am I doing wrong??

Erik Wetterberg

Edited by: erikw on Apr 24, 2009 1:04 AM

Edited by: erikw on Apr 24, 2009 1:17 AM
  • 1. Re: Working with SSL in the emulator
    843851 Newbie
    Currently Being Moderated
    Hi!

    I'll bump this thread because it seems to be the same topic as mine.

    I tried the 3.0's emulator because I can't get the record stores on WTK 2.5.2 emulator to work properly (see my older posts). Anyway, I couldn't figure out how to use certificates in 3.0. Granted, I don't know anything about certificates in the first place. I have a keystore file and a certificate file which work on 2.5.2 with the following procedure:

    - Launch Certificate Manager
    - Import certificate (the certificate file)
    - Launch Sign MIDlet
    - Load keystore from file (the keystore file)
    - Select Keystore -> Import certificate

    How is this done in 3.0? I found the Keystores Manager and imported the keystore file. That won't work since nobody seems to know a password for it (it wasn't needed before). I also tried to import the certificate to the default keystore, but there's only "new" and no "import". So how does this work?

    --grimripper                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
  • 2. Re: Working with SSL in the emulator
    843851 Newbie
    Currently Being Moderated
    Root certificate must be imported into mekeystore. MEkeystore is a keystore with root certificates. Main difference between wtk and java me sdk 3.0 is that instances of emulator are independent and each one has its own mekeystore. You can look into Documents And Settings\<username>\javame-sdk\3.0\work There are stored emulator instances. Each instance is identified by the instance_id and the name (for example DefaultCldcPhone1 or DefaultCldcPhone2, DefaultJtwiPhone 1 etc, names are in properties.xml file under each instance). MEkaytore is in <instance_id>/appdb/_main.ks

    #import certificate into keystore from export.cer file
    keytool.exe -importcert -alias myalias -file export.cer -keystore ..\runtimes\cldc-hi-javafx\lib\keystore.ks -storepass keystorepwd

    #import root certificate into mekeystore in domain "identified"
    mekeytool.exe -import -MEkeystore c:\Documents And Setings\<username>\javame-sdk\3.0\work\<id>\appdb\_main.ks -keystore ..\runtimes\cldc-hi-javafx\lib\keystore.ks -alias myalias -storepass keystorepwd -domain identified

    sign midlet Demos with myalias
    jadtool.exe -addcert -alias myalias -storepass keystorepwd -keystore ..\runtimes\cldc-hi-javafx\lib\keystore.ks -inputjad ..\apps\Demos\dist\Demos.jad -outputjad ..\apps\Demos\dist\Demos.jad

    jadtool.exe -addjarsig -jarfile ..\apps\Demos\dist\Demos.jad -alias myalias -storepass keystorepwd -keypass keypwd -keystore ..\runtimes\cldc-hi-javafx\lib\keystore.ks -inputjad ..\apps\Demos\dist\Demos.jad -outputjad ..\apps\Demos\dist\Demos.jad
  • 3. Re: Working with SSL in the emulator
    843851 Newbie
    Currently Being Moderated
    Thanks, I got the certificates installed and working :)
  • 4. Re: Working with SSL in the emulator
    843851 Newbie
    Currently Being Moderated
    This can be a chore to do on the Command Line because the paths to all the files are quite long. I really think Sun should have created UI tools for this kind of thing before the transition to JavaME SDK 3.0; the developer experience seems to have taken a step back from WTK2.5 (which, I seem to remember, had common root certificates included anyway).

    Fortunately someone's written an excellent cross-platform keystore tool called 'Portecle' which makes tasks like this a breeze. Definitely staying on my tool-belt....

    [http://portecle.sourceforge.net/|http://portecle.sourceforge.net/]
  • 5. Re: Working with SSL in the emulator
    825461 Newbie
    Currently Being Moderated
    I have a CA certificate. I loaded this certificate in a .net C# program, it can communicate with the corresponding java program. I have verified that the java program can communicate with my cldc midlet application. ( I am using WTK2.5.2) . now I want to my .net C# application communicate with the cldc. I am running .net as server and cldc emulator as client. Once it launched. I got following error message from the .net server window:
    *************************************************************************************************************
    System.Security.Authentication.AuthenticationException: A call to SSPI failed, s
    ee inner exception.
    at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken messag
    e, AsyncProtocolRequest asyncRequest, Exception exception)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToke
    n message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, A
    syncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 coun
    t, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes
    , AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocol
    Request asyncRequest)
    at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byt
    e[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyRes
    ult)
    at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverC
    ertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols,
    Boolean checkCertificateRevocation)
    at recursionsw.voyager.security.ssl.SSLServerSocketPolicy.getSSLStream(TcpCli
    ent socket) in C:\MyProject\workspace\firefly-csharp-port\core\csharp\src\recurs
    ionsw\voyager\security\ssl\SSLServerSocketPolicy.cs:line 83
    System.ComponentModel.Win32Exception: The client and server cannot communicate,
    because they do not possess a common algorithm
    *************************************************************************************************
    here are the steps that I used to sign the midlet
    1. launch Manage Certificates from WTK2.5.2's utility
    2. import .net certificate into _main.mks
    3. launch Sign Midlet from utility
    4. load keystore file that was used by java application
    5. Import .net certificate into the java keystore. and have an alias associated with it.
    6. If I sign middlet with a jad file I got an error message
    "the keystore does not contain a private key associated with this alias!!"
    7. I have to create a new Key Pair and use that to sign the midlet.
    8. I launched my .net application and then loaded signed midlet in the emulator. now I get the message on my .net server window
    *********************************************************************************************************
    System.Security.Authentication.AuthenticationException: A call to SSPI failed, s
    ee inner exception. details listed above
    **********************************************************************************************************
    what did I do wrong?
  • 6. Re: Working with SSL in the emulator
    825461 Newbie
    Currently Being Moderated
    I found the solution. Here is the link: http://support.microsoft.com/kb/907829.

    I added the option SecurityProtocolType.Tls | SecurityProtocolType.Ssl3 to my code and it works