RE: SSL: certificate_unknown
Hi Daniel, Do you have a server-side example of the SecureXmlRpcTest.java? I tried Eric's server-side example below but I'm having trouble even just getting to server part working. The server runs but doesnt seem to bind to the specified port. It would be good if someone could the website is updated with some getting started guide for the SecureXmlRpc stuff. Thanks Duke -Original Message- From: Daniel [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 6:41 AM To: [EMAIL PROTECTED] Subject: Re: SSL: certificate_unknown Hi, This might be of use to you: http://www.yorku.ca/dkha/docs/xmlrpc/SecureXmlRpcTest.java Regards, Daniel On Wed, 3 Nov 2004, Eric Zillmann wrote: Hi. I'm trying to get an XML-RPC server running via SecureWebServer/ SecureXmlRpcClient (without SSL it works of course ;). Unfortunately I couldn't find an example for use with SSL. I've created the keys with the following commands (as described in create-keystore.sh): keytool -genkey \ -alias server \ -keypass password \ -keystore keystore \ -storepass password \ -validity 180 keytool -export \ -alias server \ -keystore keystore \ -keypass password \ -storepass password \ -rfc \ -file testkeys.cer keytool -import \ -alias server \ -file testkeys.cer \ -keystore truststore \ -storepass password I've copied them in a subdirectory of the server and the client. The servers code is: SecurityTool.setKeyStore( keys/keystore ); SecurityTool.setKeyStorePassword( password ); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); SecureWebServer server = new SecureWebServer( 4711 ); server.addHandler( functions, new XMLRPCHandler() ); server.setParanoid( false ); server.start(); The client Code is: SecurityTool.setKeyStore( keys/keystore); SecurityTool.setKeyStorePassword( password); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); dbCon = new SecureXmlRpcClient( host, port ); dbCon.setup(); The server runs and the client's SecureXmlRpcClient object is being created but when I try to use execute, I get this exception on the server: javax.net.ssl.SSLHandshakeException: Received fatal alert: \ certificate_unknown and on the client: java.io.IOException: sun.security.validator.ValidatorException: No \ trusted certificate found Where's my mistake? Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193
RE: SSL: certificate_unknown
Hi Duke, Unfortunately I don't. My server was written in Python by a colleague. However, I think you should be ok if you understand SecureWebServer/WebServer.java along with Eric's code below...and you're probably just missing something simple, such as not creating the keystores/certs correctly. Here's a document on how to create the server and client keystores/certs that would at least eliminate one piece of the puzzle: http://www.yorku.ca/dkha/docs/jsse_cert/jsse_cert.htm Hope it helps. Regards, Daniel On Wed, 10 Nov 2004, Duke Tantiprasut wrote: Hi Daniel, Do you have a server-side example of the SecureXmlRpcTest.java? I tried Eric's server-side example below but I'm having trouble even just getting to server part working. The server runs but doesnt seem to bind to the specified port. It would be good if someone could the website is updated with some getting started guide for the SecureXmlRpc stuff. Thanks Duke -Original Message- From: Daniel [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 6:41 AM To: [EMAIL PROTECTED] Subject: Re: SSL: certificate_unknown Hi, This might be of use to you: http://www.yorku.ca/dkha/docs/xmlrpc/SecureXmlRpcTest.java Regards, Daniel On Wed, 3 Nov 2004, Eric Zillmann wrote: Hi. I'm trying to get an XML-RPC server running via SecureWebServer/ SecureXmlRpcClient (without SSL it works of course ;). Unfortunately I couldn't find an example for use with SSL. I've created the keys with the following commands (as described in create-keystore.sh): keytool -genkey \ -alias server \ -keypass password \ -keystore keystore \ -storepass password \ -validity 180 keytool -export \ -alias server \ -keystore keystore \ -keypass password \ -storepass password \ -rfc \ -file testkeys.cer keytool -import \ -alias server \ -file testkeys.cer \ -keystore truststore \ -storepass password I've copied them in a subdirectory of the server and the client. The servers code is: SecurityTool.setKeyStore( keys/keystore ); SecurityTool.setKeyStorePassword( password ); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); SecureWebServer server = new SecureWebServer( 4711 ); server.addHandler( functions, new XMLRPCHandler() ); server.setParanoid( false ); server.start(); The client Code is: SecurityTool.setKeyStore( keys/keystore); SecurityTool.setKeyStorePassword( password); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); dbCon = new SecureXmlRpcClient( host, port ); dbCon.setup(); The server runs and the client's SecureXmlRpcClient object is being created but when I try to use execute, I get this exception on the server: javax.net.ssl.SSLHandshakeException: Received fatal alert: \ certificate_unknown and on the client: java.io.IOException: sun.security.validator.ValidatorException: No \ trusted certificate found Where's my mistake? Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193
RE: SSL: certificate_unknown
Thanks Daniel, I'll check it out. -Original Message- From: Daniel [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 10, 2004 1:59 PM To: Duke Tantiprasut Cc: [EMAIL PROTECTED] Subject: RE: SSL: certificate_unknown Hi Duke, Unfortunately I don't. My server was written in Python by a colleague. However, I think you should be ok if you understand SecureWebServer/WebServer.java along with Eric's code below...and you're probably just missing something simple, such as not creating the keystores/certs correctly. Here's a document on how to create the server and client keystores/certs that would at least eliminate one piece of the puzzle: http://www.yorku.ca/dkha/docs/jsse_cert/jsse_cert.htm Hope it helps. Regards, Daniel On Wed, 10 Nov 2004, Duke Tantiprasut wrote: Hi Daniel, Do you have a server-side example of the SecureXmlRpcTest.java? I tried Eric's server-side example below but I'm having trouble even just getting to server part working. The server runs but doesnt seem to bind to the specified port. It would be good if someone could the website is updated with some getting started guide for the SecureXmlRpc stuff. Thanks Duke -Original Message- From: Daniel [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 6:41 AM To: [EMAIL PROTECTED] Subject: Re: SSL: certificate_unknown Hi, This might be of use to you: http://www.yorku.ca/dkha/docs/xmlrpc/SecureXmlRpcTest.java Regards, Daniel On Wed, 3 Nov 2004, Eric Zillmann wrote: Hi. I'm trying to get an XML-RPC server running via SecureWebServer/ SecureXmlRpcClient (without SSL it works of course ;). Unfortunately I couldn't find an example for use with SSL. I've created the keys with the following commands (as described in create-keystore.sh): keytool -genkey \ -alias server \ -keypass password \ -keystore keystore \ -storepass password \ -validity 180 keytool -export \ -alias server \ -keystore keystore \ -keypass password \ -storepass password \ -rfc \ -file testkeys.cer keytool -import \ -alias server \ -file testkeys.cer \ -keystore truststore \ -storepass password I've copied them in a subdirectory of the server and the client. The servers code is: SecurityTool.setKeyStore( keys/keystore ); SecurityTool.setKeyStorePassword( password ); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); SecureWebServer server = new SecureWebServer( 4711 ); server.addHandler( functions, new XMLRPCHandler() ); server.setParanoid( false ); server.start(); The client Code is: SecurityTool.setKeyStore( keys/keystore); SecurityTool.setKeyStorePassword( password); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); dbCon = new SecureXmlRpcClient( host, port ); dbCon.setup(); The server runs and the client's SecureXmlRpcClient object is being created but when I try to use execute, I get this exception on the server: javax.net.ssl.SSLHandshakeException: Received fatal alert: \ certificate_unknown and on the client: java.io.IOException: sun.security.validator.ValidatorException: No \ trusted certificate found Where's my mistake? Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193
RE: SSL: certificate_unknown
Am Do, den 04.11.2004 schrieb Duke Tantiprasut um 18:23: Hi Eric, Did you have to change the server side or was the SecureWebServer example you provided was ok? The server side kept the same.
RE: SSL: certificate_unknown
Hi, I don't have the entire answer but what the gist of what you need to do is have the server create a SSLServerSocket that requires client auth by calling the SSLServerSocket.setWantClientAuth(..) and/or SSLServerSocket.setNeedClientAuth(..). And ensure you've got the necesary certs in both client and server for the auth. Regards, Daniel On Thu, 4 Nov 2004, Ranganath Udupa wrote: Hi, On the same issue, how do I add client side authentication using the SecureWebServer class? Don't think securityTool.setTrustStore(servertruststore) would work! How should I be handling client side authentication then? Any pointers would be appreciated. Thanks, Udupa -Original Message- From: Eric Zillmann [mailto:[EMAIL PROTECTED] Sent: Thursday, November 04, 2004 12:25 AM To: [EMAIL PROTECTED] Subject: Re: SSL: certificate_unknown Daniel [EMAIL PROTECTED] wrote (03.11.04 15:41:34): This might be of use to you: http://www.yorku.ca/dkha/docs/xmlrpc/SecureXmlRpcTest.java Thanks alot. That did the job :)
Re: SSL: certificate_unknown
Daniel [EMAIL PROTECTED] wrote (03.11.04 15:41:34): This might be of use to you: http://www.yorku.ca/dkha/docs/xmlrpc/SecureXmlRpcTest.java Thanks alot. That did the job :) __ Mit WEB.DE FreePhone mit hoechster Qualitaet ab 0 Ct./Min. weltweit telefonieren! http://freephone.web.de/?mc=021201
RE: SSL: certificate_unknown
Hi, On the same issue, how do I add client side authentication using the SecureWebServer class? Don't think securityTool.setTrustStore(servertruststore) would work! How should I be handling client side authentication then? Any pointers would be appreciated. Thanks, Udupa -Original Message- From: Eric Zillmann [mailto:[EMAIL PROTECTED] Sent: Thursday, November 04, 2004 12:25 AM To: [EMAIL PROTECTED] Subject: Re: SSL: certificate_unknown Daniel [EMAIL PROTECTED] wrote (03.11.04 15:41:34): This might be of use to you: http://www.yorku.ca/dkha/docs/xmlrpc/SecureXmlRpcTest.java Thanks alot. That did the job :)
Re: SSL: certificate_unknown
Hi, This might be of use to you: http://www.yorku.ca/dkha/docs/xmlrpc/SecureXmlRpcTest.java Regards, Daniel On Wed, 3 Nov 2004, Eric Zillmann wrote: Hi. I'm trying to get an XML-RPC server running via SecureWebServer/ SecureXmlRpcClient (without SSL it works of course ;). Unfortunately I couldn't find an example for use with SSL. I've created the keys with the following commands (as described in create-keystore.sh): keytool -genkey \ -alias server \ -keypass password \ -keystore keystore \ -storepass password \ -validity 180 keytool -export \ -alias server \ -keystore keystore \ -keypass password \ -storepass password \ -rfc \ -file testkeys.cer keytool -import \ -alias server \ -file testkeys.cer \ -keystore truststore \ -storepass password I've copied them in a subdirectory of the server and the client. The servers code is: SecurityTool.setKeyStore( keys/keystore ); SecurityTool.setKeyStorePassword( password ); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); SecureWebServer server = new SecureWebServer( 4711 ); server.addHandler( functions, new XMLRPCHandler() ); server.setParanoid( false ); server.start(); The client Code is: SecurityTool.setKeyStore( keys/keystore); SecurityTool.setKeyStorePassword( password); SecurityTool.setKeyStoreType( JKS ); SecurityTool.setKeyManagerType( SunX509 ); SecurityTool.setSecurityProtocol( TLS ); dbCon = new SecureXmlRpcClient( host, port ); dbCon.setup(); The server runs and the client's SecureXmlRpcClient object is being created but when I try to use execute, I get this exception on the server: javax.net.ssl.SSLHandshakeException: Received fatal alert: \ certificate_unknown and on the client: java.io.IOException: sun.security.validator.ValidatorException: No \ trusted certificate found Where's my mistake? Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193