Question

I'm currently trying to change my daemon from a regular unencrypted one to one using SSL.

I'm doing this the following way:

import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

// The same JKS file serves as key store (server identity) and trust store.
System.setProperty("javax.net.ssl.keyStore", "keyfile.jks");
System.setProperty("javax.net.ssl.trustStore", "keyfile.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "testtest");

System.out.println("Starting ssl socket for encrypted communication...");
SSLServerSocketFactory sslServerSocketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(Settings.listenPortSsl);
System.out.println("SSL-Server started.");
while (!stopRequested)
{
    System.out.println("SSL-Server - Waiting for connection.");
    SSLSocket clientSideConnection = (SSLSocket) sslServerSocket.accept();
    // do stuff for the client
}

My keystore looks the following:

C:\SW Setup>keytool -list -keystore keyfile.jks -storepass testtest

Keystore-Typ: JKS
Keystore-Provider: SUN

Ihr Keystore enthält 2 Einträge.

localserver, 27.12.2013, trustedCertEntry,
Zertifikatsfingerabdruck (MD5): D1:B1:8F:91:C2:1F:7F:85:70:AE:8B:F3:25:9D:9A:65
myname, 27.12.2013, PrivateKeyEntry,
Zertifikatsfingerabdruck (MD5): AF:DA:AD:F0:09:A5:9E:3C:D3:F0:6C:D9:FE:1F:DC:F0

I created a signing request, had that signed by my (Windows) CA and imported it into this keystore. As far as I understand, if there's only one pair of public/private keys it picks that one, doesn't it? I've also exported the public key again and looked at it - it is correctly signed by my CA.

But when I try to connect to my daemon (I tested this by just trying to connect to it via a web browser) it keeps presenting some self-signed certificate.

Does anybody have an idea why that happens?

BTW: I've played a bit with the System.setProperty lines at the top. If I enter a wrong filename or password it won't start, so it really seems to load the right file.


Solution

You need to import the signed CSR with the same alias as it had before when it was only a keypair.
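
As an added diagnostic (not part of the question or the answer above), the following hypothetical Java program opens the keystore from the question and, for each entry, reports whether the private-key entry's leaf certificate is still self-signed. That is exactly the state a browser sees when the CA reply was imported under a different alias: the signed certificate lands as a separate trustedCertEntry, while the PrivateKeyEntry the server actually presents keeps its original self-signed certificate.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/**
 * Hypothetical diagnostic, not from the question. Assumes the keystore path and
 * password from the question ("keyfile.jks" / "testtest") unless overridden on
 * the command line.
 */
public class KeyStoreChainCheck {

    /** True if issuer equals subject and the certificate verifies with its own public key. */
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "keyfile.jks";
        char[] pass = (args.length > 1 ? args[1] : "testtest").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A trustedCertEntry has no private key, so the server can never present it.
                System.out.println(alias + ": trustedCertEntry (never presented by the server)");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            System.out.println(alias + ": PrivateKeyEntry, chain length " + chain.length);
            System.out.println("  subject: " + leaf.getSubjectX500Principal());
            System.out.println("  issuer:  " + leaf.getIssuerX500Principal());
            if (isSelfSigned(leaf)) {
                System.out.println("  -> still self-signed: the CA reply was not imported under this alias");
            }
        }
    }
}
```

A correctly imported CA reply shows up as a chain of length 2 or more under the PrivateKeyEntry alias, with the issuer of the leaf being the CA rather than the entry itself.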

OTHER TIPS

After wasting some more time with code checks I decided to recreate the keystore even if it seemed to be ok... it wasn't. After creating a fresh store, private key and csr it finally worked and I got my officially signed certificate! :-)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow