Java Client Certificate over HTTPS/SSL

0 votes

I am using Java 6 and am trying to create an HttpsURLConnection against a remote server, using a client certificate.
The server is using an selfsigned root certificate, and requires that a password-protected client certificate is presented. I've added the server root certificate and the client certificate to a default java keystore which I found in /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/cacerts(OSX 10.5). The name of the keystore file seems to suggest that the client certificate is not supposed to go in there?

Anyway, adding the root certificate to this store solved the infamous javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed' problem.

However, I'm now stuck on how to use the client certificate. I've tried two approaches and neither gets me anywhere.
First, and preferred, try:

SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
URL url = new URL("https://somehost.dk:3049");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
// The last line fails, and gives:
// javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I've tried skipping the HttpsURLConnection class (not ideal since I want to talk HTTP with the server), and do this instead:

SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("somehost.dk", 3049);
InputStream inputstream = sslsocket.getInputStream();
// do anything with the inputstream results in:
// java.net.SocketTimeoutException: Read timed out

I am not even sure that the client certificate is the problem here.

Nov 28, 2018 in Java by Daisy
• 8,040 points
76 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

The missing links was (mostly) the first of the parameters below, and to some extent that I overlooked the difference between keystores and truststores.

The self-signed server certificate must be imported into a truststore:

keytool -import -alias gridserver -file gridserver.crt -storepass $PASS -keystore gridserver.keystore

These properties need to be set (either on the commandline, or in code):

-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.keyStore=clientcertificate.p12
-Djavax.net.ssl.trustStore=gridserver.keystore
-Djavax.net.debug=ssl # very verbose debug
-Djavax.net.ssl.keyStorePassword=$PASS
-Djavax.net.ssl.trustStorePassword=$PASS

Working example code:

SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
URL url = new URL("https://gridserver:3049/cgi-bin/ls.py");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

String string = null;
while ((string = bufferedreader.readLine()) != null) {
    System.out.println("Received " + string);
}
answered Nov 28, 2018 by Sushmita
• 6,840 points

Related Questions In Java

0 votes
1 answer

Trusting all certificates using HttpClient over HTTPS

Note: Do not implement this in production ...READ MORE

answered Jun 25, 2018 in Java by Rishabh
• 3,520 points
721 views
0 votes
1 answer

How to specify the certificate to use for authenticating the server to client?

You can try the command given below. System.setProperty("javax.net. ...READ MORE

answered Jan 2 in Java by Daisy
• 8,040 points
15 views
+1 vote
3 answers

What is the syntax to declare and initialize an array in java?

You can use this method: String[] strs = ...READ MORE

answered Jul 25, 2018 in Java by samarth295
• 2,190 points
149 views
0 votes
1 answer

How can I convert a String variable to a primitive int in Java

You can convert a String to int by using a function: int ...READ MORE

answered Apr 12, 2018 in Java by sharth
• 3,310 points
63 views
0 votes
1 answer

Unable to find valid certification path to requested target - error even after cert imported

Unfortunately - it could be many things ...READ MORE

answered Nov 27, 2018 in Java by Daisy
• 8,040 points
562 views
0 votes
1 answer

Unable to find valid certification path to requested target

The problem appears when your server has ...READ MORE

answered Dec 12, 2018 in Java by Daisy
• 8,040 points
196 views
+2 votes
1 answer

How to import an existing x509 certificate and private key in Java keystore to use in SSL?

keytool does not provide such basic functionality ...READ MORE

answered Dec 19, 2018 in Java by Daisy
• 8,040 points
176 views
+5 votes
3 answers

How to execute a python file with few arguments in java?

You can use Java Runtime.exec() to run python script, ...READ MORE

answered Mar 27, 2018 in Java by DragonLord999
• 8,380 points

edited Nov 6, 2018 by Omkar 5,541 views
0 votes
3 answers

String to Double conversion in java

Double temp = Double.valueOf(str); number = temp.doubleValue(); READ MORE

answered Sep 10, 2018 in Java by Sushmita
• 6,840 points
38 views
0 votes
4 answers

Remove extra spaces from string in java

import java.util.regex.Matcher; import java.util.regex.Pattern; String pattern="[\\s]"; String replace=""; part="name=john age=13 year=2001"; Pattern ...READ MORE

answered Sep 10, 2018 in Java by parth295
• 4,600 points
57 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.