Establish client/server SSL connection with browser and my Java server?
<p>I am trying to create an HttpsServer/Client so that I can create a proxy to examine traffic coming from the browser to the server. These types of tools are invaluable to people who test web application security. I have decided to use httpclient to send the requests and httpcore components for my server. At the moment I'm simply trying to establish the SSL socket connection between the browser and the server on port 8080. I have read all over and still cannot seem to get this to work. Here are the steps I did up to this point:</p>
<ol>
<li><p>Created a CA cert with keytool and added it to a file called cacerts</p></li>
<li><p>I added this cert to the Firefox browser instance listening on port 8080</p></li>
<li><p>In my code I do the following to call that cert in the server code</p>
<pre><code>KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("C:\\Program Files\\Java\\jre6\\bin\\cacerts"), "password".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "password".toCharArray());
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
serversocket = ssocketFactory.createServerSocket(port);
</code></pre></li>
</ol>
<p>Then when I call accept on the socket as seen below I get the following exception:</p>
<pre><code>I/O error initialising connection thread: No available certificate or key corresponds to the SSL cipher suites which are enabled.
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
        at DefaultHttpServer$RequestListenerThread.run(DefaultHttpServer.java:151)
</code></pre>
<p>Here is the line throwing the exception:</p>
<pre><code>Socket socket = serversocket.accept();
</code></pre>
<p>Any ideas on what I'm doing wrong here? Just trying to establish the SSL socket connection with the port 8080 the browser is sending its requests on.</p>
<h2>Update 11/13</h2>
<p>I took some of your information thus far and went to create a separate keystore file. This is what I did:</p>
<pre><code>C:\Users\Steve&gt;keytool -genkey -alias serverprivkey -keystore privateKey.store
</code></pre>
<p>Then I copied this file privateKey.store from my user directory over to my project folder and made the following changes in my code:</p>
<pre><code>KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("privateKey.store"), "pass123".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "pass123".toCharArray());
</code></pre>
<p>I know it is correctly grabbing that file because if the passwords are wrong I get exceptions. However, I'm still getting that same exception. Any ideas what to try next?</p>
<p>Here is what is inside privateKey.store:</p>
<pre><code>C:\Users\Steve&gt;keytool -list -v -keystore privateKey.store
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: serverprivkey
Creation date: Nov 13, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sven rbera, OU=application developement, O=whs, L=san hjose, ST=ca, C=ca
Issuer: CN=sven rbera, OU=application developement, O=whs, L=san hjose, ST=ca, C=ca
Serial number: 4ec00a18
Valid from: Sun Nov 13 10:19:04 PST 2011 until: Sat Feb 11 10:19:04 PST 2012
Certificate fingerprints:
         MD5:  9C:A7:2B:CE:DC:AD:5B:9C:D6:B7:71:6C:EC:91:8A:24
         SHA1: 47:8F:9B:A2:E1:31:A5:D9:F6:71:8A:CA:3F:CB:BA:FC:C7:2D:F5:A8
         Signature algorithm name: SHA1withDSA
         Version: 3
</code></pre>
<hr>
<p>I have changed my key to now use RSA as mentioned. Additionally, I added the debug flag for SSL and have it available. It's a bit tricky to fully understand, but it looks like it finds the key serverprivkey2 just fine. Then it goes into trustStore and I do not see anything in that list that looks like it came from me. I really don't know what I should be expecting to see in that section. Any ideas?</p>
<pre><code>*** found key for : serverprivkey2
chain [0] = [
[
  Version: V3
  Subject: CN=steve, OU=labarbera, O=whs, L=sj, ST=ca, C=ca
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 140985119594686674696976228136679950023710897166974487014150510574037897724033913877362573524361519470364814271848450916151017718803985253447854099124509296799994400199293690731598145912452994962103007955337967369473821653235218532303270695076070736956288068926075705380732910518314547899958542901647381772169
  public exponent: 65537
  Validity: [From: Sun Nov 13 14:45:44 PST 2011,
               To: Sat Feb 11 14:45:44 PST 2012]
  Issuer: CN=steve, OU=labarbera, O=whs, L=sj, ST=ca, C=ca
  SerialNumber: [    4ec04898]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: C8 81 37 74 E9 7C A4 76   9F FD EC 8A 78 69 F2 A4  ..7t...v....xi..
0010: 64 1E C9 98 FD 99 FB 48   3D E2 C5 C5 EB A3 34 1B  d......H=.....4.
0020: 7C BE B3 E4 F7 4D 90 F1   AB A6 4D 36 97 95 9B 95  .....M....M6....
0030: 90 C1 B9 28 9C DE A0 4A   AD C7 10 8F 06 57 A6 2B  ...(...J.....W.+
0040: 51 45 63 73 ED 1E AF 5F   61 E2 87 1A 7C CD 4E 3F  QEcs..._a.....N?
0050: A7 18 15 FA 73 94 58 46   62 46 42 F9 31 12 2F C7  ....s.XFbFB.1./.
0060: 6E 6E A0 3F 17 FA A8 24   FC 68 83 88 E2 23 EF DE  nn.?...$.h...#..
0070: E9 F5 58 AB 16 19 1B 82   72 C6 A0 A7 7E 41 36 1C  ..X.....r....A6.

]
***
trustStore is: C:\Program Files\Java\jre6\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
... bunch of certs none of which look familiar?
</code></pre>

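<p>The following is an added example, not code from the post above. It shows the server side wired up so that the listening socket actually uses the <code>SSLContext</code> that was initialised with the keystore. In the posted code the context is built and then never used: <code>SSLServerSocketFactory.getDefault()</code> returns the JVM's own default factory, which takes its key material from the <code>javax.net.ssl.keyStore</code> system property and, with that unset, has no private key to match any enabled cipher suite, which is exactly the message <code>checkEnabledSuites</code> reports inside <code>accept()</code>. The keystore path, alias and passwords below are assumptions carried over from the post; the <code>keytool</code> command in the comment is an example, not the one the post ran.</p>

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/**
 * Minimal TLS listener for the browser-facing side of an intercepting proxy.
 *
 * Assumed keystore, created with an example command (not the one in the post;
 * -keyalg RSA matters because keytool on JDK 6 defaults to DSA and the cipher
 * suites browsers offer want an RSA key):
 *   keytool -genkeypair -alias serverprivkey -keyalg RSA -keysize 2048 \
 *           -keystore privateKey.store -storepass pass123 -keypass pass123
 *
 * Written against the Java 6 API used in the post (no try-with-resources).
 */
public class TlsListener {

    /** Builds an SSLContext whose key manager holds the server's private key and certificate. */
    static SSLContext serverContext(String keystorePath, char[] storePass, char[] keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(keystorePath);
        try {
            ks.load(in, storePass);
        } finally {
            in.close();
        }
        // getDefaultAlgorithm() resolves to SunX509 on the Sun/Oracle JRE; same as the post used.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass); // private-key password; keytool lets it differ from the store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        // A null trust-manager array means the JVM default trust store (lib/security/cacerts).
        // That is what the "trustStore is: ... cacerts" lines in the -Djavax.net.debug output
        // come from; it is only consulted if the server asks the browser for a client certificate.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    /** Opens the listening socket from the context rather than from the JVM default factory. */
    static SSLServerSocket listen(SSLContext ctx, int port) throws IOException {
        // NOT SSLServerSocketFactory.getDefault(): that factory knows nothing about ctx,
        // so it has no key and accept() throws "No available certificate or key
        // corresponds to the SSL cipher suites which are enabled".
        SSLServerSocket server =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        server.setNeedClientAuth(false); // the browser will not present a certificate
        return server;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = serverContext("privateKey.store",
                "pass123".toCharArray(), "pass123".toCharArray());
        SSLServerSocket server = listen(ctx, 8080);
        System.out.println("Listening on " + server.getLocalPort() + " with "
                + server.getEnabledCipherSuites().length + " enabled cipher suites");
        while (true) {
            SSLSocket client = (SSLSocket) server.accept();
            try {
                // Run the handshake eagerly so a failure surfaces here instead of on the first read.
                client.startHandshake();
                System.out.println("Handshake OK: " + client.getSession().getProtocol() + " "
                        + client.getSession().getCipherSuite()
                        + " from " + client.getRemoteSocketAddress());
                // Hand `client` to the HttpCore request handler from here.
            } catch (IOException e) {
                System.err.println("Handshake failed: " + e.getMessage());
            } finally {
                client.close();
            }
        }
    }
}
```

<p>Two checks worth doing before blaming the keystore again: run with <code>-Djavax.net.debug=ssl,handshake</code> and confirm the "found key for" line names the alias you expect, then confirm the socket is created from <code>ctx.getServerSocketFactory()</code> and not from the static default. One caveat for the proxy use case: a browser configured to use an HTTP proxy on port 8080 does not start TLS on that socket. For an <code>https://</code> URL it first sends a plaintext <code>CONNECT host:443 HTTP/1.1</code> request and only begins the TLS handshake after the proxy answers <code>200</code>, so the listener above will see a handshake failure on the CONNECT bytes unless the proxy reads and answers that request on a plain socket first, or unless the browser is pointed straight at <code>https://localhost:8080/</code> for testing.</p>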