Add certificate from web -> keystore

genkuro

Hi -

I'm working with a large cluster of hundreds of nodes. The cluster
occasionally chats with itself using web services, SSL, and self-
signed certificates.

The cluster is built through scripts of course. And the creation
script must be able to establish communication between the nodes,
preferably over http (versus NFS or some other data sharing
mechanism).

What's the easiest most intuitive way to grab an SSL certificate over
http then add it to the keystore?

I appreciate the help.
 
Roedy Green

What's the easiest most intuitive way to grab an SSL certificate over
http then add it to the keystore?

Read up on JCE to see if there is a method to do this for you.
See http://mindprod.com/jgloss/jce.html

If the public cert itself is exchanged under some circumstances in an
ordinary browser interaction, try getting a copy of Ethereal (see
http://mindprod.com/jgloss/sniffer.html) and watch the packets going
back and forth. Then mimic that with a raw socket.
 
timjowers

Hi -

I'm working with a large cluster of hundreds of nodes. The cluster
occasionally chats with itself using web services, SSL, and self-
signed certificates.

The cluster is built through scripts of course. And the creation
script must be able to establish communication between the nodes,
preferably over http (versus NFS or some other data sharing
mechanism).

What's the easiest most intuitive way to grab an SSL certificate over
http then add it to the keystore?

I appreciate the help.


Just guessing: (let me know if this helps)

import java.net.*;
import java.io.*;

import javax.net.ssl.HttpsURLConnection;

public class SSLGetCertificateFromWebPager {
    public static void main(String[] args) throws Exception {
        URL site = new URL("https://mail.google.com/mail/");
        HttpsURLConnection conn = (HttpsURLConnection) site.openConnection();

        // getInputStream() connects and completes the SSL handshake;
        // the server certificates are only available after that.
        InputStream istream = conn.getInputStream();
        java.security.cert.Certificate[] aCerts = conn.getServerCertificates();

        // aCerts[0] is the server's own certificate; issuers follow it.
        System.out.println("The certificate is ");
        System.out.println(aCerts[0].toString());
        System.out.println("The certificate encoding is " + aCerts[0].getType());

        // Write the DER-encoded certificate to disk.
        byte[] data = aCerts[0].getEncoded();
        File file = new File("gmail_downloaded.cer"); // DER encoding for instance
        try (OutputStream out = new FileOutputStream(file)) {
            out.write(data);
        }

        // Print the page body that came back with the response.
        try (BufferedReader br = new BufferedReader(new InputStreamReader(istream))) {
            String line;
            while ((line = br.readLine()) != null)
                System.out.println(line);
        }
    }
}

Best,
TimJowers
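
The code posted above goes through Java's default certificate validation, so the handshake fails against a self-signed node certificate that is not yet in the trust store. The following is an added example, not code from any poster in this thread: it records the certificate a node presents without ever completing a session, and imports it only when its SHA-256 fingerprint matches a value the build script already knows. The class name, the argument order and the `KEYSTORE_PASS` environment variable are assumptions, and the expected fingerprint is assumed to be plain hex delivered over a channel other than the connection being checked.

```java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

public class PinnedCertImporter {
    // Records the presented chain, then rejects it, so no TLS session is ever established.
    static class Capture implements X509TrustManager {
        X509Certificate[] chain;
        public void checkServerTrusted(X509Certificate[] c, String authType) throws CertificateException {
            chain = c;
            throw new CertificateException("captured for inspection only");
        }
        public void checkClientTrusted(X509Certificate[] c, String authType) throws CertificateException {
            throw new CertificateException("client certificates are not accepted");
        }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    static String sha256Hex(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Assumed usage: java PinnedCertImporter <host> <port> <expected-sha256-hex> <keystore-file>
    public static void main(String[] args) throws Exception {
        String host = args[0], pass = System.getenv("KEYSTORE_PASS"); // env var name is an assumption
        if (pass == null) throw new IllegalStateException("KEYSTORE_PASS is not set");
        Capture tm = new Capture();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, Integer.parseInt(args[1]))) {
            s.startHandshake();
        } catch (SSLException expected) {
            // Capture aborts the handshake on purpose; the chain has been recorded by then.
        }
        if (tm.chain == null) throw new IOException("no certificate received from " + host);
        X509Certificate leaf = tm.chain[0]; // the server's own certificate comes first
        String seen = sha256Hex(leaf.getEncoded());
        if (!seen.equalsIgnoreCase(args[2]))   // pin check: refuse anything the build script did not expect
            throw new SecurityException("fingerprint mismatch for " + host + ", got " + seen);
        File ksFile = new File(args[3]);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = ksFile.exists() ? new FileInputStream(ksFile) : null) { ks.load(in, pass.toCharArray()); }
        ks.setCertificateEntry(host, leaf); // alias is the host name
        try (OutputStream out = new FileOutputStream(ksFile)) { ks.store(out, pass.toCharArray()); }
    }
}
```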
 
