Java: SSL Clientside Authentication with self

I'm trying to secure a connection from a Java Client/Server application that communicates over the Internet. My idea was to use SSL sockets with self-signed certificates and client authentication. I did the following: Server: Keystore containing new self-signed certificate. keytool -genkey -kelalg RSA ... Client: Keystore containing new self-signed certificate. keytool -genkey -kelalg

Java:使用SSL进行SSL客户端身份验证

我试图通过互联网进行通信的Java客户端/服务器应用程序获得连接。 我的想法是使用带有自签名证书和客户端认证的SSL套接字。 我做了以下几点: 服务器:包含新的自签名证书的密钥库。 keytool -genkey -kelalg RSA ... 客户端:包含新的自签名证书的密钥库。 keytool -genkey -kelalg RSA ... 服务器:包含导出的客户端证书的信任库(从上面的项目符号点开始)。 keytool -export导出客户端证书和keytool -import -v -tr

signed ssl certificate in Java client

It looks like a standard question, but I couldn't find clear directions anywhere. I have java code trying to connect to a server with probably self-signed (or expired) certificate. The code reports the following error : [HttpMethodDirector] I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building fa

在Java客户端中签署SSL证书

它看起来像一个标准问题,但我无法在任何地方找到明确的方向。 我有Java代码试图连接到可能自签名(或过期)证书的服务器。 该代码报告以下错误: [HttpMethodDirector] I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid

Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?

Edit :- Tried to format the question and accepted answer in more presentable way at mine Blog Here is the original issue:- I am getting this error detailed message sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target cause javax.net.ssl.SSLHandshakeExc

解决javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败错误?

编辑: -试图格式化问题,并在我的博客接受更多的方式接受答案 这是原始问题: - 我收到这个错误 详细消息sun.security.validator.ValidatorException:PKIX路径构建失败: sun.security.provider.certpath.SunCertPathBuilderException:无法找到要求的目标的有效证书路径 导致javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.

mutual authentication

I have a couple of java servlets which need to be secured with Mutual authentication with X509 certificates. I used the information from here to implement mutual authentication and it works fine on my machine. Now our integration environment has BigIP for load balancing traffic to weblogic. The SSL is terminated at BigIP and it forwards the https request to weblogic using an internal certific

相互认证

我有几个Java Servlet需要使用X509证书进行相互验证。 我使用这里的信息来实现相互认证,并且在我的机器上工作正常。 现在我们的集成环境具有BigIP,用于将流量负载平衡到weblogic。 SSL在BigIP终止,它使用内部证书将https请求转发给weblogic,而不是使用原始https请求获得的客户端证书。 所以相互认证不起作用。 BigIP团队表示他们可以将客户端的证书放入HTTP标头(SSL_CLIENT_CERT)中,我不知道如何配置weblogic从htt

How do I get symmetric key generated in SSL handshake?

During SSL handshake the client encrypts generated pre-master secret with the server's public key and sends to the server. Both Server and Client perform steps to generate the master secret with the agreed cipher. Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL sessio

如何获得SSL握手中生成的对称密钥?

在SSL握手期间,客户端使用服务器的公钥将生成的预主密钥加密并发送到服务器。 服务器和客户端都执行步骤以使用约定的密码生成主密钥。 客户端和服务器都使用主密钥来生成会话密钥,这是对称密钥,用于对SSL会话期间交换的信息进行加密和解密 http://www.symantec.com/connect/blogs/how-does-ssl-work-what-ssl-handshake 如何获得对称密钥,以便我可以将其存储到数据库中,并且每次客户端连接时都使用相同密钥? 服务

How to create a custom secure socket connection between client/server?

I am developing a client/server application based on Java sockets and I would like some guide lines on how to make those secure/encrypted. So, I have been reading the last two weeks about SSL, security, public and private key encryption, symmetric and asymmetric methodologies and I would like to implement a safe connection between client/server with the approach below: Server: Create a public

如何在客户端/服务器之间创建定制的安全套接字连接?

我正在开发一个基于Java套接字的客户端/服务器应用程序,并且我想了解如何使这些安全/加密的指南。 所以,我一直在阅读关于SSL,安全性,公钥和私钥加密,对称和非对称方法的最近两周内的内容,并且我希望通过以下方法实现客户端/服务器之间的安全连接: 服务器:创建用于加密的公钥和用于解密的私钥 客户端:使用服务器的公钥将其凭证与请求的时间戳一起加密,以便每次他想要验证自己时加密值不会相同。 附加到此消息的客

SSL handshake process

I am getting started on security and read about the SSL handshaking scenario. In this post, the replier mentioned that the symmetric key is generated on the browser, encrypted using the server's public key and sent over to the server. However, in the other articles, they mentioned that a pre-master secret was generated and sent over instead for calculation of the symmetric key. May I kno

SSL握手过程

我正在开始安全性并阅读有关SSL握手方案。 在这篇文章中,回复者提到在浏览器上生成对称密钥,并使用服务器的公钥进行加密并发送到服务器。 然而,在其他文章中,他们提到了一个预主秘密被生成并被发送,而不是用于计算对称密钥。 我可否知道哪一个是正确的解释,以及这个预主密钥是如何生成并用于生成对称密钥的? 您链接到的帖子中的说明只是协议的简单说明。 客户端生成预主密钥,并使用服务器的公钥对其进行加密,

Solutions to sign certificates

For a system with multiple application servers and multiple clients, I would like to introduce mutual authentication as well as other security protections provided by TLS. The servers and clients may be located on different networks as well as on the same network. Each entity (client or server) has its own keystore that stores its private/public key pair and a X.509 certificate that wraps the

解决方案签署证书

对于具有多个应用程序服务器和多个客户端的系统,我想介绍相互身份验证以及TLS提供的其他安全保护。 服务器和客户端可能位于不同的网络以及同一网络上。 每个实体(客户端或服务器)都有自己的密钥库,用于存储其私钥/公钥对和包装公钥的X.509证书。 但是,在这一点上,证书是自签名的。 所以,它不会被其他通信实体验证。 经过一番研究,我看了一些解决方案: 创建一个将签署证书的专用CA. 如果我理解得当,CA的证书

signed certificate verification procedure with SSL?

I have a client/server SSL socket implementation in Java, where a self-signed certificate has been generated and imported into the client truststore. The server has a copy of the self-signed certificate in its keystore. The cipher suite agreed is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA , which is an epileptic Diffie- Hellman Variant. The self-signed certificate uses an RSA keypair, and the public

使用SSL签署证书验证程序?

我在Java中有一个客户端/服务器SSL套接字实现,其中自签名证书已生成并导入到客户端信任库中。 服务器在其密钥库中具有自签名证书的副本。 同意的密码套件是TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ,这是一种癫痫性Diffie-Hellman变体。 自签名证书使用RSA密钥对,公钥在证书上列出以进行加密。 我不完全确定的是自签名证书的客户端验证过程如何在Java中工作。 我了解TLS通常如何验证证书; 在其签名上使用CA的公钥,然后将

Libgdx use ScreenUtils asynchronously and don't stop the game loop

I want to capture the screen. Libgdx provides some functions defined in the ScreenUtils class. For instance final Pixmap pixmap = ScreenUtils.getFrameBufferPixmap(x, y, w, h); My problem is that it takes about 1-3 seconds to get that information. During that time the game loop is blocked and the user will define it as a lag. Internally the ScreenUtils class, uses Gdx.gl.glReadPixels . If

Libgdx异步使用ScreenUtils并且不停止游戏循环

我想要捕捉屏幕。 Libgdx提供了一些在ScreenUtils类中定义的函数。 例如final Pixmap pixmap = ScreenUtils.getFrameBufferPixmap(x, y, w, h); 我的问题是需要大约1-3秒才能获得这些信息。 在此期间,游戏循环被阻止,用户将其定义为滞后。 ScreenUtils类的内部使用Gdx.gl.glReadPixels 。 如果我在一个线程中运行ScreenUtils.getFrameBufferPixmap方法,就没有延迟,但它会以错误的方法捕获屏幕,这是合乎逻辑的,因