using keystores and trustmanagers


AndrewTK

I am working on a project in which we must implement servers and
clients that must communicate data back and forth. The setup is that
there are 5 teams each with their own server and client. Each client
communicates with their own or another team's server.

Until recently, we have been using plain sockets, but the recent
decision was made to implement secure communication.

I duly updated my code:

Socket s = new Socket(host, port);

to

SSLSocketFactory facto = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket s = (SSLSocket) facto.createSocket(host, port);
s.startHandshake();

This generates an exception:

/-!!!
Exception in thread "main" javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
!!!-/

Mails back and forth have suggested that .cer files are in play. I have
not been able to make head or tail of the documentation I find online,
and most docs are related to HTTPS servers, which is not what I want -
I am coding the client side, for raw TCP use (our server is being coded
by someone else, in Python, so I can't get much advice from them...)

My questions, more specifically:
- I have been given a number of .cer files. How am I supposed to load
them to the key store? Preferably I would like to be able to have these
in a folder and be able to load them on client startup, dynamically
speaking.

- Does the handshaking deal with authenticating a server once the
certificates are loaded or will I need to "manually" (=hard-code) the
authentication? Where do I do that?

***

For now the concerned code is

{
    // (...)
    // I am expecting I might have to do something here...

    SSLSocketFactory facto = (SSLSocketFactory) SSLSocketFactory.getDefault();
    s = (SSLSocket) facto.createSocket(host, port);
    s.startHandshake();

    // or here otherwise

    OutputStreamWriter osw = new OutputStreamWriter(s.getOutputStream());
    osw.write(the_data);
    osw.flush();

    // read response data
    // (...)
}

Thanks in advance for any advice!

Andrew
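
One way to do what the post asks, as an added example that is not part of the original post: load every .cer file from a folder into an in-memory trust store at client startup and build the socket factory from it, so the handshake itself rejects any server whose certificate chain is not in that folder. The class name `CerFolderClient`, the helper `factoryFromCerFolder` and the command-line argument order are hypothetical, and the host name check assumes the supplied certificates carry the server's host name.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

public class CerFolderClient {

    // Builds a socket factory that trusts only the certificates found in certDir.
    static SSLSocketFactory factoryFromCerFolder(Path certDir) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (DirectoryStream<Path> files = Files.newDirectoryStream(certDir, "*.cer")) {
            for (Path file : files) {
                try (InputStream in = Files.newInputStream(file)) {
                    // generateCertificate accepts DER and PEM (Base64) encoded files
                    Certificate cert = cf.generateCertificate(in);
                    // the file name serves as the alias of the trusted entry
                    trustStore.setCertificateEntry(file.getFileName().toString(), cert);
                }
            }
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("no .cer files found in " + certDir);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args: <cert folder> <host> <port>
        SSLSocketFactory facto = factoryFromCerFolder(Paths.get(args[0]));
        try (SSLSocket s = (SSLSocket) facto.createSocket(args[1], Integer.parseInt(args[2]))) {
            // Chain validation happens during the handshake. Host name checking on a raw
            // SSLSocket is off unless an endpoint identification algorithm is set.
            SSLParameters params = s.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(params);
            s.startHandshake(); // throws SSLHandshakeException if the server is not trusted
            System.out.println("Handshake OK: " + s.getSession().getPeerPrincipal());
        }
    }
}
```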
 
