Djordje Cvetkovic

Hi again...

I Just wanted to share with you my findings. Maybe someone will find this useful.

At the moment of writing this, I can say with 99% certainty that what I wanted in the first place IS possible. I implemented it and in localhost (both server and the client) everything works. The 1% left is because I still need to test my solution with Wireshark to see that the communication is actually SSL/TLS encrypted.
I will update once these tests are done.

First of all, big thanks to this article. It helped me achieve what I wanted, even though it is HTTPS related. My client is a TCP client implementing custom protocol.

All imports are from javax.net.ssl package.

Anyway... here is the client code:

Somewhere in the client initialization class:
public void establishSSLConnection() {    String serverAddress = "127.0.0.1";    int serverPort = 12345;    MyHandshakeCompletedListener hcl = new MyHandshakeCompletedListener();    SSLSocket sslSocket = null;    try {        TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {            @Override            public java.security.cert.X509Certificate[] getAcceptedIssuers() {                return null;            }            @Override            public void checkClientTrusted(X509Certificate[] certs, String authType) {}            @Override            public void checkServerTrusted(X509Certificate[] certs, String authType) {}        }        };        SSLContext sc = SSLContext.getInstance("TLSv1");        sc.init(null, trustAllCerts, new java.security.SecureRandom());        SSLSocketFactory sslFactory = sc.getSocketFactory();        sslSocket = (SSLSocket) sslFactory.createSocket(serverAddress, serverPort);        sslSocket.addHandshakeCompletedListener(hcl);        sslSocket.startHandshake();    } catch (Exception ex) {        ex.printStackTrace();    } }
MyHandshakeCompletedListener:
public class MyHandshakeCompletedListener implements HandshakeCompletedListener {    @Override    public void handshakeCompleted(HandshakeCompletedEvent hce) {        // At this point the SSL connection is established    } }
If you have any questions feel free to ask

Hi all,

I had to create a Java SSL client. I did it by following the following tutorial:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/samples/sockets/client/SSLSocketClient.java

When I tried to run the program there was an exception saying that there was no certificate found (I cannot remember exactly the exception).
I solved this by installing the certificate into cacerts file and everything worked fine.
Note: This certificate is a self-signed and is not validated by any CA.

However, the clients to whom this software will be distributed should not have to do this.

How can I create a SSL/TLS Java client w/o installing untrusted certificate.

If some more clarification is needed do not hesitate do ask.

Thanks in advance!