I've developed a simple Web Service using wsgen and it works fine under http (non-SSL). I now need to get it working under https (SSL). I followed the code located here. So the SSL process runs right now...I'm running as a Java Application from within Eclipse. However, when I try to access it I get "Secure Connection Failed" - "The page you are trying to view cannot be shown because the authenticity of the received data could not be verified".
That said, I'm an intermediate with SSL, so I'm probably doing something wrong here. I did the following using the Keystore Explorer tool : - Created a new JKS keystore. - Generated a new Key Pair - Exported the Key Pair as a *.pk12 file. - Opened my Browser and Imported the *.pk12. I tried a *.cer, but the Browser wouldn't take an Unsigned cert.
So the *.jks is opened directly in the Java code and that works, I verified with the Debug in Eclipse. SSL Service starts up fine, but I still get the same error in the browser...The other difficulty is I can't seem to locate any logfile with any kind of exception/error to even begin to trace the issue. I don't think it's a Java issue...I think it's an SSL issue, but I didn't know where else to start.
Any help would be greatly appreciated!
public static void main(String[] args) throws Exception {
Endpoint endpoint = Endpoint.create(new RapidCommandService());
SSLContext ssl = SSLContext.getInstance("SSLv3");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
getLog().debug ( SHORT_NAME + ".main() - Java User Directory..........................[" + System.getProperty ( "user.dir" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java Home Directory..........................[" + System.getProperty ( "java.home" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java Version.................................[" + System.getProperty ( "java.version" ) + "]" );
//Load the JKS file (located, in this case, at D:\keystore.jks, with password 'test'
store.load(new FileInputStream("C:\\usr\\apps\\java\\jre-170-65\\lib\\security\\rapid-command-service.jks"), "changeit".toCharArray());
//init the key store, along with the password 'test'
kmf.init(store, "changeit".toCharArray());
KeyManager[] keyManagers = new KeyManager[1];
keyManagers = kmf.getKeyManagers();
//Init the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
//It will reference the same key store as the key managers
tmf.init(store);
TrustManager[] trustManagers = tmf.getTrustManagers();
ssl.init(keyManagers, trustManagers, new SecureRandom());
getLog().debug ( SHORT_NAME + ".main() - Java SSL Truststore..........................[" + System.getProperty ( "javax.net.ssl.trustStore" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java SSL Keystore............................[" + System.getProperty ( "javax.net.ssl.keyStore" ) + "]" );
//Init a configuration with our SSL context
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
System.setProperty("javax.net.debug", "ssl");
//Create a server on localhost, port 443 (https port)
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress("localhost", 443), 443);
httpsServer.setHttpsConfigurator(configurator);
//Create a context so our service will be available under this context
HttpContext context = httpsServer.createContext("/rapidCommandService");
httpsServer.start();
//Finally, use the created context to publish the service
endpoint.publish(context);
}
Try
SSLContext ssl = SSLContext.getInstance("TLSv1.2");
SSLv3 is known to be vulnerable nowerdays and your browser probably won't accept a server configured like this.
Another option try curl
with -k
option to connect to the server.