hc-httpclient-users mailing list archives

From Jon Moore <j...@jjmoore.net>
Subject Re: Https server
Date Fri, 18 Jul 2014 10:05:00 GMT
Hi Jax,

You still need to load the keystore because that's where your server certificate is stored,
which you still need to make an SSL connection.

If you don't want to do certificate validation, then you can create a self-signed certificate.
That said, there are free ways to get verified server certificates (e.g. StartSSL), so you
might also look into that.

Jon
........
Jon Moore

> On Jul 18, 2014, at 2:51 AM, jax <jaxleslie@gmail.com> wrote:
> 
> Hi All,
> 
> I'm trying to implement a Https Asynchronous server. I am using the example
> - Asynchronous HTTP server.
> It is not a requirement that I implement certificate validation, I just need
> to be able to accept files on port 443.
> 
> Do I need to still provide the following code?
> 
>            ClassLoader cl = NHttpServer.class.getClassLoader();
>            URL url = cl.getResource("my.keystore");
>            if (url == null) {
>                System.out.println("Keystore not found");
>                System.exit(1);
>            }
>            KeyStore keystore  = KeyStore.getInstance("jks");
>            keystore.load(url.openStream(), "secret".toCharArray());
>            KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
>                    KeyManagerFactory.getDefaultAlgorithm());
>            kmfactory.init(keystore, "secret".toCharArray());
>            KeyManager[] keymanagers = kmfactory.getKeyManagers();
> 
> If I initialise my SSLContext without using the keymanagers, I am not able
> to connect using curl.
> 
>            SSLContext sslcontext = SSLContext.getInstance("TLS");
>            sslcontext.init(null, null, null);
>            connFactory = new SSLNHttpServerConnectionFactory(sslcontext,
>                    null, ConnectionConfig.DEFAULT);
> 
> 
> [root@localhost ~]# curl -v -i -k https://<ip>:443/getStatus
> * About to connect() to <ip> port 443 (#0)
> *   Trying <ip>... connected
> * Connected to <ip> (<ip>) port 443 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> * warning: ignoring value of ssl.verifyhost
> * NSS error -5938
> * Closing connection #0
> * SSL connect error
> 
> What is the best way to do this?
> 
> Thanks, Jax.
> 
> 
> 
> --
> View this message in context: http://httpcomponents.10934.n7.nabble.com/Https-server-tp23868.html
> Sent from the HttpClient-User mailing list archive at Nabble.com.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 
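Added example, not part of either message or of the HttpCore examples: a loopback check of the point in the reply, that a server-side SSLContext needs key managers backed by the keystore, while a client can trust the self-signed certificate explicitly instead of skipping validation. It assumes a `my.keystore` file with password `secret` (names from the question) created with keytool; the class and method names are hypothetical.

```java
// Assumed setup: keytool -genkeypair -alias server -keyalg RSA -dname "CN=localhost" \
//                  -keystore my.keystore -storepass secret -keypass secret
import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;

public class KeystoreTlsDemo {
    // withKeys=false gives a context with no server certificate, like init(null, null, null).
    static SSLContext context(KeyStore ks, char[] pw, boolean withKeys) throws Exception {
        KeyManager[] kms = null;
        if (withKeys) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, pw);
            kms = kmf.getKeyManagers();
        }
        // Trust only the certificates held in this keystore (used by the client side below).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx;
    }

    // One handshake over loopback; returns the negotiated suite or the failure reason.
    static String handshake(SSLContext server, SSLContext client) throws Exception {
        try (SSLServerSocket ss = (SSLServerSocket) server.getServerSocketFactory().createServerSocket(0)) {
            Thread t = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) ss.accept()) { s.startHandshake(); }
                catch (IOException e) { /* server side of a failed handshake */ }
            });
            t.start();
            try (SSLSocket c = (SSLSocket) client.getSocketFactory().createSocket("localhost", ss.getLocalPort())) {
                c.setSoTimeout(5000); // do not hang if the server never answers
                c.startHandshake();
                return "OK " + c.getSession().getCipherSuite();
            } catch (IOException e) {
                return "FAILED " + e.getMessage();
            } finally { t.join(); }
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "secret".toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream("my.keystore")) { ks.load(in, pw); }
        SSLContext client = context(ks, pw, false);
        System.out.println("server without key managers: " + handshake(context(ks, pw, false), client));
        System.out.println("server with key managers:    " + handshake(context(ks, pw, true), client));
    }
}
```

The client here performs no hostname verification; it only checks that the server presents a certificate found in the keystore.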
