Mac OS X and SSL

 
 
JScoobyCed
06-21-2005
Hi,

I have a 3-tier application written in Java (all tiers). It is a kind
of file server (it does some processing on files once uploaded).

Communication is simple:

client --> server --> backup
and
server --> client

Here, "-->" means: "send a file to"

Each connection is a Socket --> ServerSocket using SSL. The Socket is
created this way:

<code>
SocketFactory ssf = sslcontext.getSocketFactory();
SSLSocket socket = (SSLSocket)ssf.createSocket(server, port);
</code>

The ServerSocket is created this way:

<code>
ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
SSLServerSocket serversocket =
    (SSLServerSocket)ssf.createServerSocket(port);
</code>

Before creating those objects, an initialization is done:

<code>
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(getClass().getResourceAsStream(keystore),
    keystorepass.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
sslcontext = SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
</code>

When I run all client, server and backup on my machine (WinXP), all
works well.
But if I start the backup and the server on a remote server (both on the
same server) and I try to connect from my machine there is a problem
between server --> backup.
The remote server is Mac OS X. I can send the file from my client to the
server. Then when it sends the same file to the backup, it throws an
Exception:

On server:
<Exception>
javax.net.ssl.SSLException
Connection has been shutdown: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
</Exception>

On backup:
<Exception>
javax.net.ssl.SSLHandshakeException
Received fatal alert: certificate_unknown
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
</Exception>

I use for all communication a certificate generated by "keytool". The
file is put in the JAR file of the application (one certificate in the
client, one in the server and one in the backup). That means the server
uses the same certificate to listen to the client (ServerSocket) and to
connect to the backup (Socket).

Any idea that would help? Thanks a lot.

--
JSC

JScoobyCed
06-22-2005
Well, after investigation, I could figure out that Mac OS X requires a
specific way to make the certificate for SSL.
If I use the same name for the alias, keystore and passwords
(keystorepassword and keypassword), the "-Djavax.net.debug=ssl" will not
show that the certificate is trusted.
If I use a different value for the passwords, it shows the certificate
is trusted.

--
JSC
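
An added example, not part of the original thread or the poster's code: a small diagnostic that lists the entries of the JKS file handed to `tmf.init(ks)` and the certificates the resulting trust manager will accept, which is what decides whether a handshake ends in "No trusted certificate found". The class name `KeystoreTrustCheck` and the `KS_PASS` environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic: run it against the keystore packaged in each tier's JAR.
public class KeystoreTrustCheck {
    static String sha256(Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded())) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Store password comes from the environment (assumed name) to keep it out of argv.
        String pass = System.getenv("KS_PASS");
        if (args.length != 1 || pass == null) {
            System.err.println("usage: KS_PASS=... java KeystoreTrustCheck <keystore.jks>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        // 1. What the file holds: private-key entries vs. trusted-certificate entries.
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted-cert entry";
            Certificate c = ks.getCertificate(alias);
            System.out.println(alias + " [" + kind + "] sha256=" + (c == null ? "none" : sha256(c)));
        }
        // 2. What a trust manager built from the same store accepts (default algorithm, not "SunX509").
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                System.out.println("accepted: " + ca.getSubjectX500Principal().getName()
                        + " notAfter=" + ca.getNotAfter() + " sha256=" + sha256(ca));
            }
        }
    }
}
```

With keytool-generated self-signed certificates, the fingerprint of the certificate a peer presents has to show up in the "accepted" list printed for the keystore of the side that validates it; comparing the output across the client, server and backup keystores shows where that is not the case.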