
How to import a certificate from remote server

 
Shah Vaishali
Greenhorn
Posts: 3
Hi,
I need to implement a Java client which connects via SSL. It gives a security exception due to lack of a certificate. Now I was able to do an openssl and view the certificate info. How do I download it onto my Linux box?

Thanks.
 
subodh kureel
Greenhorn
Posts: 27
Do you want to use Java code to download the certificate? Otherwise you can use a Linux command to download the cert on the Linux box.

echo -n | openssl s_client -connect HOST:PORT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SRVNAME.cert

It will save the certificate to /tmp/$SRVNAME.cert.

The same can be achieved by a Java client as well.
 
Shah Vaishali
Greenhorn
Posts: 3
I'd like to get the certificate using a Java client. How do I get that?
 
subodh kureel
Greenhorn
Posts: 27
Here is a code snippet:

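import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// host, port and passphrase (the char[] keystore password) are supplied by the caller.
// Locate the trust store: ./jssecacerts, else <java.home>/lib/security/jssecacerts,
// else <java.home>/lib/security/cacerts.
File file = new File("jssecacerts");
if (!file.isFile()) {
    char separator = File.separatorChar;
    File dir = new File(System.getProperty("java.home") + separator
            + "lib" + separator + "security");
    file = new File(dir, "jssecacerts");
    if (!file.isFile()) {
        file = new File(dir, "cacerts");
    }
}
System.out.println("loading keystore " + file + "...");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream in = new FileInputStream(file)) {
    ks.load(in, passphrase);
}

// Build an SSLContext whose trust manager wraps the default one.
// SavingTrustManager is not shown in this post; it wraps the default trust manager
// and keeps the chain it is asked to check in its "chain" field.
SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] {tm}, null);
SSLSocketFactory factory = context.getSocketFactory();

System.out.println("Opening connection to " + host + ":" + port + "...");
// I believe you already have the SSL connection set up.
// Otherwise, create the socket from the factory built above:
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

try {
    System.out.println("Starting SSL handshake...");
    socket.startHandshake();
    socket.close();
} catch (SSLException e) {
    // The handshake fails when the chain is not trusted; the chain has still been saved.
    System.out.println();
    e.printStackTrace(System.out);
}

X509Certificate[] chain = tm.chain;
if (chain == null) {
    System.out.println("Could not obtain server certificate chain");
    return;
}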


You can try this... Hope this helps.
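
As an added example (not part of the original posts and not the poster's own code), here is a self-contained version of the approach in the snippet above: it captures the chain during the handshake, writes the server's certificate as PEM like the openssl command earlier in the thread, and prints a SHA-256 fingerprint. The class name FetchServerCert, the body of SavingTrustManager, the use of the JRE's default truststore and the output file name are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import java.util.Base64;
import javax.net.ssl.*;

public class FetchServerCert {
    // Assumed body for the thread's SavingTrustManager: record the chain first,
    // then let the default trust manager decide whether it is trusted.
    static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        X509Certificate[] chain;
        SavingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
        public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { delegate.checkClientTrusted(c, t); }
        public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
            chain = c;                          // saved before the check, so it survives a failure
            delegate.checkServerTrusted(c, t);  // still rejects untrusted chains
        }
    }
    // Hex SHA-256 of the DER encoding, for comparison with a value obtained out of band.
    static String sha256(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(String.format("%02X", b));
        return sb.toString();
    }
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);              // null selects the JRE's default truststore
        SavingTrustManager tm = new SavingTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] {tm}, null);
        try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            System.out.println("Chain is already trusted by the default truststore");
        } catch (SSLException e) {
            System.out.println("Handshake rejected (chain not trusted?): " + e.getMessage());
        }
        if (tm.chain == null) throw new IllegalStateException("Could not obtain server certificate chain");
        X509Certificate leaf = tm.chain[0];     // the server's own certificate comes first
        String pem = "-----BEGIN CERTIFICATE-----\n" + Base64.getMimeEncoder(64, new byte[] {'\n'})
                .encodeToString(leaf.getEncoded()) + "\n-----END CERTIFICATE-----\n";
        Files.write(Paths.get(host + ".pem"), pem.getBytes(StandardCharsets.US_ASCII));
        System.out.println(leaf.getSubjectX500Principal() + "  SHA-256 " + sha256(leaf));
    }
}
```

Run it as `java FetchServerCert HOST PORT`. Compare the printed fingerprint with one obtained from the server's operator over a separate channel before importing the PEM file into a truststore, since the handshake alone does not prove whose certificate was captured.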
 