Java Security

Certificate Exception - applet client to java server with SSL

843811 May 14 2003 — edited Feb 20 2008
Hi,
I'm having some trouble getting SSL working and hope
someone can shed some light. I've been plowing through
these forums for a couple of days - seems lots of folks
have had this problem but I can't find a clear solution.

I've written a server in java. The client is an applet.
This is an internet app so I have no control over
configuring clients. I'm trying to prove SSL communication from the applet to my server. This is
commercial software so the customer would put their own
keys on the machine and re-sign the applet before deploying.

I've created a keystore with keytool. Then I self-signed it. Then I signed my applet jarfile. I've even tried exporting the certificate and importing using the java plug-in control panel
(obviously not something I can do in the real world but
just wanted to see if that was it). I start up my server
and navigate to a web page to start the applet. For
development purposes, I'm doing this all on one machine. I'm running jdk 1.4.1_02. We're requiring the
Sun plug-in as our client java VM.

Once the client starts to connect, I get this error in
the plug-in console:

java.security.cert.CertificateException: Couldn't find trusted certificate

On my server, I get:

Wed May 14 16:27:46 EDT 2003 [EXCEPTION]: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at com.pactolus.webBroker.psWebLegClientThread.run(psWebLegClientThread.java:130)
at java.lang.Thread.run(Thread.java:536)


The client code is pretty simple:

// Default factory: server certificates are checked against the JVM's default trust store
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
tcpSocket = (SSLSocket) factory.createSocket(addr, iPortNbr);
tcpSocket.setUseClientMode(true);
tcpSocket.startHandshake();

followed by a thread kick-off which will listen on the
socket for incoming messages.

The server code is:

SSLContext sslCtxt = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
// Load the server's key pair and certificate from the JKS keystore
KeyStore ks = KeyStore.getInstance("JKS");
char[] password = keyPassword.toCharArray();
ks.load(new FileInputStream(keyFile), password);
kmf.init(ks, password);
// Key managers only; trust managers and SecureRandom are left at their defaults
sslCtxt.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory factory = sslCtxt.getServerSocketFactory();
secureTCPSocket = (SSLServerSocket) factory.createServerSocket(port);
// The server does not request a client certificate
secureTCPSocket.setNeedClientAuth(false);

followed by a thread kick-off which will listen for
connections and spin-off other threads to manage each
client socket.

I'm pretty much at my wits' end. As I said, seems lots of
folks have had this problem but I haven't yet seen a
firm answer.

If anyone can shed some light on this so I can get my
proof of concept going, I would really appreciate it - and buy you a couple of beers!

Thanks,
Scott Johnson
Locked on Mar 19 2008
Added on May 14 2003
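
The client-side trust failure described in the post, as an added example that is not part of the original thread: a factory from SSLSocketFactory.getDefault() validates the server against the JSSE default trust store, which does not contain a self-signed server certificate, while a context built from a trust store holding only that certificate accepts it without disabling validation. The class name, the alias "server" and the certificate path passed in args[0] (a file exported from the server keystore) are assumptions, and the code uses current Java syntax rather than JDK 1.4.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class PinnedTrustCheck { // hypothetical class name
    // Trust managers backed by 'anchors'; a null KeyStore selects the JSSE default trust store.
    static TrustManager[] trustManagers(KeyStore anchors) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        return tmf.getTrustManagers();
    }

    // True if 'cert' would pass the server-certificate check done during the handshake.
    static boolean accepts(TrustManager[] tms, X509Certificate cert) {
        try {
            ((X509TrustManager) tms[0]).checkServerTrusted(new X509Certificate[] { cert }, "RSA");
            return true;
        } catch (CertificateException e) {
            return false; // the client would abort the handshake at this point
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: assumed path to the certificate exported from the server keystore
        X509Certificate serverCert;
        try (InputStream in = new FileInputStream(args[0])) {
            serverCert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore pinned = KeyStore.getInstance(KeyStore.getDefaultType());
        pinned.load(null, null); // empty in-memory trust store
        pinned.setCertificateEntry("server", serverCert);
        System.out.println("default trust accepts: " + accepts(trustManagers(null), serverCert));
        System.out.println("pinned trust accepts:  " + accepts(trustManagers(pinned), serverCert));
        // Client factory that trusts only the pinned certificate; validation stays enabled.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers(pinned), null);
        SSLSocketFactory factory = ctx.getSocketFactory(); // replaces SSLSocketFactory.getDefault()
    }
}
```

Because the post says each customer installs their own keys and re-signs the applet, the certificate the client trusts has to be replaced in the same step, or the client will reject the new server certificate in the same way.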