SSL certificate and HttpsURLConnection

[klelandw]

Hi there. Maybe I'm not looking in the right places, but I've yet to
find a comprehensible answer to the following:

I'm trying to set up an app to grap a page over an SSL connection
(https://www.recap.com/). I've worked out how to grab generically
secured pages (forgive my terminology, my knowledge of crypto is pretty
much nonexistent) such as https://www.gmail.com/, but the site I'm
trying to grab data from requires a particular certificate, which I do
have. The cert has been registered in Windows however that happens; I
simply have no clue:
1) how to locate this cert in the Windows keystore via java (or how to
access the Windows/IE keystore in general); there seem to be (online)
instructions for user selection of certs, but if the user doesn't know
where to find it...
2) once that's happened, how to select this cert for use.

Any help provided would go much appreciated. Many thanks.

(code posted if you like, but it won't do much for you)

Kyle

 

[Rogan Dawes]

Hi there. Maybe I'm not looking in the right places, but I've yet to
find a comprehensible answer to the following:

I'm trying to set up an app to grap a page over an SSL connection
(https://www.recap.com/). I've worked out how to grab generically
secured pages (forgive my terminology, my knowledge of crypto is pretty
much nonexistent) such as https://www.gmail.com/, but the site I'm
trying to grab data from requires a particular certificate, which I do
have. The cert has been registered in Windows however that happens; I
simply have no clue:
1) how to locate this cert in the Windows keystore via java (or how to
access the Windows/IE keystore in general); there seem to be (online)
instructions for user selection of certs, but if the user doesn't know
where to find it...
2) once that's happened, how to select this cert for use.

Any help provided would go much appreciated. Many thanks.

(code posted if you like, but it won't do much for you)

Kyle

Ok, so you need to supply a client-side cert to connect to a particular
server. That cert has been installed in the Windows cert store.

First, Java has no inherent mechanism for accessing certs in the Windows
Cert store. This leaves you with a couple of alternatives:

1. Export the cert to a PKCS#12 format file, which Java can access. This
requires that the cert was created as an "Exportable" cert.

2. Use a 3rd party library such as Assembla (google is your friend)
which maps Java Crypto Extensions API calls onto Windows Crypto API
calls. This may allow you to access the certs in the Windows cert store.

Once you have managed to access that certificate, you need to know how
to use that cert as part of the SSL setup process. I have written a
short sample program, available on my website[1], which demonstrates
many aspects of connecting to SSL servers. You may find it helpful.

Regards,

Rogan

[1] http://dawes.za.net/rogan/PKCS11Test.java