Add certificate from web -> keystore

Discussion in 'Java' started by genkuro@gmail.com, Jun 28, 2007.

  1. Guest

    Hi -

    I'm working with a large cluster of hundreds of nodes. The cluster
    occasionally chats with itself using web services, SSL, and self-
    signed certificates.

    The cluster is built through scripts of course. And the creation
    script must be able to establish communication between the nodes,
    preferably over http (versus NFS or some other data sharing
    mechanism).

    What's the easiest most intuitive way to grab an SSL certificate over
    http then add it to the keystore?

    I appreciate the help.
    , Jun 28, 2007
    #1
    1. Advertising

  2. Roedy Green Guest

    On Thu, 28 Jun 2007 11:12:37 -0700, wrote, quoted or
    indirectly quoted someone who said :

    >What's the easiest most intuitive way to grab an SSL certificate over
    >http then add it to the keystore?


    Read up on JCE to see if there is a method to do this for you.
    see http://mindprod.com/jgloss/jce.html

    If the public cert itself is exchanged under some circumstances in an
    ordinary browser interaction try getting a copy of Ethereal (see
    http://mindprod.com/jgloss/sniffer.html)

    and watch the packets going back and forth. Then mimic that with a
    raw socket.

    --
    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Jun 28, 2007
    #2
    1. Advertising

  3. timjowers Guest

    On Jun 28, 2:12 pm, wrote:
    > Hi -
    >
    > I'm working with a large cluster of hundreds of nodes. The cluster
    > occasionally chats with itself using web services, SSL, and self-
    > signed certificates.
    >
    > The cluster is built through scripts of course. And the creation
    > script must be able to establish communication between the nodes,
    > preferably over http (versus NFS or some other data sharing
    > mechanism).
    >
    > What's the easiest most intuitive way to grab an SSL certificate over
    > http then add it to the keystore?
    >
    > I appreciate the help.



    Just guessing: (let me know if this helps)

    import java.net.*;
    import java.io.*;

    import javax.net.ssl.HttpsURLConnection;
    import javax.security.cert.Certificate;

    public class SSLGetCertificateFromWebPager {
    public static void main(String[] args) throws Exception {
    URL site = new URL("https://mail.google.com/mail/");
    HttpsURLConnection conn = (HttpsURLConnection)
    site.openConnection();
    conn.setDoOutput(true);
    InputStream istream = conn.getInputStream();
    java.security.cert.Certificate[] aCerts =
    conn.getServerCertificates();
    System.out.println( "The certificate is " );
    System.out.println( aCerts[0].toString() );
    System.out.println( "The certificate encoding is " +
    aCerts[0].getType() );
    byte[] data = aCerts[0].getEncoded();
    File file = new File( "gmail_downloaded.cer" ); // DER
    encoding for instance
    DataOutputStream dos = new DataOutputStream( new
    FileOutputStream( file ) );
    dos.write( data );
    dos.close();
    BufferedReader br = new BufferedReader(
    new InputStreamReader(
    istream ));
    String line;

    while ((line = br.readLine()) != null)
    System.out.println(line);
    br.close();
    }
    }

    Best,
    TimJowers
    timjowers, Jul 2, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page