SSL Socket connection
You need a certificate to establish an ssl connection, you can load the certificate inside a keystore or you can load the certificate itself. I will show some examples for the keystore option.
Your code needs some parameters to run :
java -Djavax.net.ssl.keyStore=keyStoreFile -Djavax.net.ssl.keyStorePassword=keystorePassword Server
You can also load the keystore with java code , the simplest solution for this is to set the system properties:
System.setProperty("javax.net.ssl.keyStore", 'keystoreFile');
System.setProperty("javax.net.ssl.keyStorePassword", 'keystorePassword ');
Also you can load the keystore with a different way, its more complicated but you have the ability to do more complex things :
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("keystoreFile"), "keystorePassword".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(ks, "keystorePassword".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ks);
SSLContext sc = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = tmf.getTrustManagers();
sc.init(kmf.getKeyManagers(), trustManagers, null);
SSLServerSocketFactory ssf = sc.getServerSocketFactory();
SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(serverport);
SSLSocket c = (SSLSocket) s.accept();
For the clients there are a few changes in the code last lines, the 3 last lines will be replaced with these :
SSLSocketFactory ssf = sc.getSocketFactory();
SSLSocket s = (SSLSocket) ssf.createSocket(serverip, serverport);
s.startHandshake();
If you want to load a keystore for android the type will have to be "BKS" and not "JKS". You can find easily resources for creating a keystore.
Related videos on Youtube
Victor
I had worked as a Backend Software Engineer since 2007, mostly working with Java and C/C++.
Updated on February 27, 2020Comments
-
Victor over 4 years
How can I create a SSL Socket connection?
I realy need to create a keystore? This keystore should be shared with all my client applications?
I have create a server with the following code:
SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory .getDefault(); SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory .createServerSocket(ServerProperties.getInstance() .getVSSPAuthenticationPort());
I have create a client on android with the following code:
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory .getDefault(); SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket( host, authPort); sslsocket.startHandshake(); BufferedWriter writer = new BufferedWriter(new OutputStreamWriter( sslsocket.getOutputStream())); BufferedReader reader = new BufferedReader(new InputStreamReader( sslsocket.getInputStream()));
But when I try to connect, the following error is throwed:
javax.net.ssl.SSLHandshakeException: no cipher suites in common at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266) at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894) at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622) at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
-
user207421 almost 11 yearsYou only need a certificate to establish an SSL connection if the server you are connecting to require it. Ditto a keystore.
-
VGe0rge almost 11 yearsAre you saying that the certificate is optional ?
-
user207421 almost 11 yearsI said you only need it if the server requires it. I wouldn't describe that as 'optional': more configuration-dependent.
-
VGe0rge almost 11 yearsYou are talking about the user certificate and of course your are right! I am not on the other hand, this was my misunderstanding ;)
-
user207421 almost 10 yearsThere is no evidence here that the server doesn't have a certificate.
-
SGuru about 6 years@VGe0rge why do you have TrustManager on the server side? Shouldn't this be on client side?
-
Cukic0d about 5 yearsI followed gpotter2.github.io/tutos/en/sslsockets : there's some help on how to build the certificates then a few util classes. It also explains how to make it work on Android