Mac OS X and SSL

I have a 3-tier application written in Java (all tiers). It is a kind
of file server (it does some processing on files once uploaded).

Communication is simple:

client --> server --> backup
server --> client

Here, "-->" means: "send a file to"

Each connection is a Socket --> ServerSocket using SSL. The Socket is
created this way:

SocketFactory ssf = sslcontext.getSocketFactory();
SSLSocket socket = (SSLSocket)ssf.createSocket(server, port);

The ServerSocket is created this way:

ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
SSLServerSocket serversocket =

Before creating those objects, an initialization is done:

KeyStore ks = KeyStore.getInstance("JKS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
sslcontext = SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

When I run all client, server and backup on my machine (WinXP), all
works well.
But if I start the backup and the server on a remote server (both on the
same server) and I try to connect from my machine there is a problem
between server --> backup.
The remote server is Mac OS X. I can send the file from my client to the
server. Then when it sends the same file to the backup, it throws an

On server:
Connection has been shutdown: No trusted certificate found

On backup:
Received fatal alert: certificate_unknown

I use for all communication a certificate generated by "keytool". The
file is put in the JAR file of the application (one certificate in the
client, one in the server and one in the backup). That means the server
uses the same certificate to listen to the client (ServerSocket) and to
connect to the backup (Socket).

Any idea that would help? Thanks a lot.

Well, after investigation, I could figure out that Mac OS X requires a
specific way to make the certificate for SSL.
If I use the same name for the alias, keystore and passwords
(keystorepassword and keypassword), the "" will not
show that the certificate is trusted.
If I use a different value for the passwords, it shows the certificate
is trusted.
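
A keystore check related to the errors and the password observation in this thread, added here as an example and not code from either post: it loads a JKS keystore with the store password, unlocks the key entries with the key password, and lists the trust anchors the resulting trust manager accepts. The class name KeystoreCheck and the three command-line arguments are assumptions, and the context name "TLS" replaces the "SSLv3" used in the post.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic, not from the thread. Arguments: <keystore.jks> <keystorepassword> <keypassword>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            throw new IllegalArgumentException("usage: KeystoreCheck <keystore.jks> <keystorepassword> <keypassword>");
        }
        // The store password protects the file; load() must run before any other use of the KeyStore.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        // List every alias and whether it holds a private key or only a trusted certificate.
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate entry";
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : "(no X.509 certificate)";
            System.out.println(alias + " [" + kind + "] " + subject);
        }
        // The key password unlocks the private key entries; a wrong one throws UnrecoverableKeyException.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, args[2].toCharArray());
        // Use the same keystore as the trust store and print the anchors the trust manager will accept.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate a : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trust anchor: " + a.getSubjectX500Principal().getName());
                }
            }
        }
        // Build the context from both factories, as the post does, but with the "TLS" context name.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext initialised: " + ctx.getProtocol());
    }
}
```

Running it against each tier's keystore shows whether the certificate presented by the peer tier appears among that tier's trust anchors.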
