
    Apache+SSL(ubuntu10)

    857273
      Please help me connect over SSL from Java ME. The server is apache2 and the OS is Ubuntu 10.

      I do this:

      -------------------- create my CA, sign server and client side with my CA -----------------
      cd /home/work/keystores

      --- create my CA---
      # Private CA: the key is passphrase-protected (-des3) and the self-signed CA certificate
      # (ca.crt) is valid for 365 days. ca.crt is the trust anchor for everything signed below.
      openssl genrsa -des3 -out ca.key 2048
      openssl req -new -x509 -days 365 -key ca.key -out ca.crt

      -- create server certificate ---
      # NOTE(review): the Common Name entered for server.csr presumably has to match the host
      # name clients connect to (myhostname.com) -- confirm what was typed at the prompt.
      openssl genrsa -des3 -out server.key 2048
      openssl req -new -key server.key -out server.csr
      # -set_serial 01 is also used for my.crt further down. Serial numbers must be unique per
      # issuing CA (RFC 5280); some TLS stacks reject or confuse two certificates that share
      # issuer and serial, so each certificate should get its own serial.
      openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

      -- remove passwords for apache ---
      # No cipher option is given, so server.key.insecure is written unencrypted. After the two
      # renames, server.key is the unencrypted key and server.key.secure the encrypted original.
      openssl rsa -in server.key -out server.key.insecure
      mv server.key server.key.secure
      mv server.key.insecure server.key

      # The copy in /etc/apache2/ssl is the unencrypted private key: it should be owned by root
      # and not readable by other users.
      sudo cp server.key /etc/apache2/ssl
      sudo cp server.crt /etc/apache2/ssl

      --- import root ca into keystore ---
      # First command adds ca.crt as a trusted certificate entry (alias cacert); the second
      # generates a new RSA key pair under alias "my" in the same keystore.
      keytool -import -trustcacerts -alias cacert -file ca.crt -keystore keystore.jks
      keytool -genkey -alias my -keyalg RSA -keystore keystore.jks -keysize 2048

      --- generate csr ---
      keytool -certreq -alias my -keystore keystore.jks -file my.csr

      ---sign with CA
      # Same serial (01) as server.crt above -- see the note there. With no -outform option,
      # openssl writes my.crt in PEM (base64 text), not binary DER.
      openssl x509 -req -days 365 -in my.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out my.crt

      ---import certificate into keystore ---
      # Imports the CA-signed certificate as the reply for the "my" key entry; the chain is
      # validated against the cacert entry imported earlier.
      keytool -import -trustcacerts -alias my -file my.crt -keystore keystore.jks
      ------------------------------------------------------------------------------------------------------------


      Apache starts successfully and the virtual host (myhostname.com) opens.

      I'm testing in emulator:

      I tried signing the MIDlet with my.crt - it can't connect.

      Trying code:

      [code=java]
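      // Trust store passed to SSLStreamConnection: it returns the certificate bundled in the
      // MIDlet JAR as the only certificate the connection is told to trust.
      // NOTE(review): "/my.crt" is the client certificate, not the CA certificate. The server
      // certificate was signed with ca.crt, so a trust store that holds only my.crt presumably
      // explains "Certificate was issued by an unrecognized entity"; bundling ca.crt as the
      // trusted resource is the likely fix -- confirm against the SSL stack's documentation.
      // NOTE(review): openssl x509 writes PEM by default, while generateCertificate is handed
      // the raw file bytes and may expect DER (openssl x509 -outform DER) -- confirm.
      CertStore cs = new CertStore() {
          /**
           * Loads the bundled certificate and returns it as a one-element array.
           *
           * @param arg0 not used by this implementation
           * @return the parsed certificate, or null when the resource is missing or
           *         cannot be read or parsed
           */
          public X509Certificate[] getCertificates(String arg0) {
              Logger.debug("get certificates");

              InputStream is = null;
              try {
                  is = this.getClass().getResourceAsStream("/my.crt");
                  Logger.debug("inputStream: " + is);
                  if (is == null) {
                      // Resource is not packaged in the JAR: report it explicitly instead of
                      // failing later with a NullPointerException.
                      Logger.error("can't open resource");
                      return null;
                  }

                  // available() is only an estimate and a single read() may return fewer
                  // bytes than requested, so read until end of stream into a growing buffer.
                  byte[] buffer = new byte[1024];
                  int length = 0;
                  int count;
                  while ((count = is.read(buffer, length, buffer.length - length)) != -1) {
                      length += count;
                      if (length == buffer.length) {
                          byte[] grown = new byte[buffer.length * 2];
                          System.arraycopy(buffer, 0, grown, 0, length);
                          buffer = grown;
                      }
                  }
                  Logger.debug("cert length: " + length);

                  X509Certificate[] certs = new X509Certificate[1];
                  certs[0] = X509Certificate.generateCertificate(buffer, 0, length);
                  return certs;
              } catch (Exception ex) {
                  Logger.error("can't open resource");
                  ex.printStackTrace();
                  return null;
              } finally {
                  if (is != null) {
                      try {
                          is.close();
                      } catch (java.io.IOException ignored) {
                          // Nothing useful can be done if closing a read-only resource fails.
                      }
                  }
              }
          }
      };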
      SSLStreamConnection.setTrustedCertStore(cs);
      Logger.debug("Before opening ssl connection" );

      // Here exception: Certificate was issued by an unrecognized entity
      SSLStreamConnection sslscon = new SSLStreamConnection("myhostname.com", 443, connection.openInputStream(), connection.openOutputStream());

      Logger.debug("trusted certstore: " + cs.getCertificates(null));
      OutputStream outputStream = sslscon.openOutputStream();
      writer = new OutputStreamWriter(outputStream, "UTF-8");
      writer.write(data.toString());
      writer.close();
      outputStream.close();