Validating Tomcat-SSL Configuration using a Java Client program

Continuing with the topic of configuring Apache Tomcat – SSL, we wish to validate the connection using a Java Client program.

The goal is to use a standard Java console application to connect over SSL to a web portal that is already deployed on Tomcat.

Use sample Java code – HelloClient.java (Replace the file extension from .java.txt to .java)

Syntax:
java HelloClient ip_address/host_of_server port cert_location keystore_password password_to_access_private_key
Example: $ java client localhost 8443 CliKeystore abcd123 abcd123

Make sure you specify the correct location of the Keystore.
Output:
Output of the Client Test program
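
A minimal client of the kind described above, as an added example that is not the post's HelloClient.java: it takes the same five arguments, trusts only the certificates in the given keystore, and reports what the server presented. The class name TlsKeystoreCheck is hypothetical, and the code assumes Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (not the post's HelloClient.java); the class name is hypothetical.
public class TlsKeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: java TlsKeystoreCheck host port keystore storepass keypass");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        char[] storePass = args[3].toCharArray();
        char[] keyPass = args[4].toCharArray();

        // CliKeystore holds the client's key pair and the imported SrvCert entry.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[2])) {
            ks.load(in, storePass);
        }

        // Client key, presented only if the server requests client authentication.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);

        // Trust anchors come from this keystore, not from the JRE's default cacerts.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Throws SSLHandshakeException if the server certificate is not trusted.
            socket.startHandshake();
            X509Certificate peer = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("Protocol:     " + socket.getSession().getProtocol());
            System.out.println("Cipher suite: " + socket.getSession().getCipherSuite());
            System.out.println("Server cert:  " + peer.getSubjectX500Principal().getName());
            // A plain SSLSocket does not compare the certificate name with the host;
            // trust here rests solely on SrvCert being present in the keystore.
        }
    }
}
```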


Bermuda Triangle of Un-Productivity :>

Here is a new rehashed version of the fictional Bermuda Triangle. 🙂 I wonder whether Florida folks are affected by this!


Apache Tomcat 6 – SSL Configuration

Here, we will configure Apache Tomcat for SSL-based requests.

In a previous post, I showed how certificates are generated.

First of all, download the 32- or 64-bit version of Tomcat 6.0 from the links below.

 
 
Unzip either of the above onto the C drive.
 
In Windows 7, launch Command Prompt in Administrative mode and set below environment variables.
 
Set ‘JAVA_HOME’ environment variable to point at the top-level of your Java installation folder (e.g., C:\Program Files\Java\jdk1.6.0_21).
set JAVA_HOME=C:\Program Files\Java\jdk1.6.0_21
 
Set ‘CLASSPATH’ environment variable to include “.”, C:\Servlets+JSP, and the servlet/JSP JAR files.
set PATH=%JAVA_HOME%;%PATH%
set CLASSPATH=.;C:\[TOMCAT_INSTALLATION_FOLDER]\lib\servlet-api.jar;C:\[TOMCAT_INSTALLATION_FOLDER]\lib\jsp-api.jar;C:\apache-tomcat-6.0.28\lib\el-api.jar;C:\Servlets+JSP;..;..\..
 
Now, we will use the sample Catalina Project for our demonstration.
 
Open C:\[TOMCAT_INSTALLATION_FOLDER]\conf\server.xml, find the Connector element that has port="8443", and uncomment it if that has not already been done.
 
Next, add two lines in there. The highlighted lines are the newly added ones.
 
Make sure the SrvKeystore and SrvCert.cer files are under the webapps folder.
 
You can see that I have given the path in the keystoreFile property as relative to the Tomcat bin directory, because the startup command will look for the SrvKeystore file.
 
If your default Connector port is 80, make sure no other application is using it; otherwise, change it to 8080 or another free port.
 
Now start your server.
 
32 bit version sample:
 
Catalina sample Startup
 
I got an Apache exception while using the 64-bit version, which seems to be rectified in the latest version of Apache. Visit the following link for more information.
 
Check status of SSL by going to: https://localhost:8443/
 
 

 


Generating Certificates using Keytool

In Windows 7, make sure you open Command Prompt under Administrative mode.

On Server machine:

$ keytool -genkey -alias SrvKeystore -keypass abcd123 -keystore SrvKeystore -storepass abcd123

What is your first and last name?

[Unknown]: G P

What is the name of your organizational unit?

[Unknown]: GauZ

What is the name of your organization?

[Unknown]: GauZ

What is the name of your City or Locality?

[Unknown]: NYC

What is the name of your State or Province?

[Unknown]: NY

What is the two-letter country code for this unit?

[Unknown]: US

Is CN=G P, OU=GauZ, O=GauZ, L=NYC, ST=NY, C=US correct?

[no]: yes

On Client machine:

$ keytool -genkey -alias CliKeystore -keypass abcd123 -keystore CliKeystore -storepass abcd123

What is your first and last name?

[Unknown]: P G

What is the name of your organizational unit?

[Unknown]: ZuaG

What is the name of your organization?

[Unknown]: ZuaG

What is the name of your City or Locality?

[Unknown]: NYV

What is the name of your State or Province?

[Unknown]: NY

What is the two-letter country code for this unit?

[Unknown]: US

Is CN=P G, OU=ZuaG, O=ZuaG, L=NYV, ST=NY, C=US correct?

[no]: yes

$ keytool -export -alias CliKeystore -keystore CliKeystore -file CliCert.cer

Enter keystore password:

Certificate stored in file <CliCert.cer>

Copy CliCert.cer to server machine

On Server machine:

$ keytool -import -alias CliCert -file CliCert.cer -keystore SrvKeystore -keypass abcd123 -storepass abcd123

Owner: CN=P G, OU=ZuaG, O=ZuaG, L=NYV, ST=NY, C=US

Issuer: CN=P G, OU=ZuaG, O=ZuaG, L=NYV, ST=NY, C=US

Serial number: 4d481b66

Valid from: Tue Feb 01 09:40:38 EST 2011 until: Mon May 02 10:40:38 EDT 2011

Certificate fingerprints:
MD5: 19:35:1E:1C:39:BC:A4:DA:9C:86:1A:67:6B:0C:4D:86
SHA1: 93:F5:BA:4D:48:02:A1:BE:F1:93:A0:6C:AF:48:AB:84:05:1B:B2:D7
Signature algorithm name: SHA1withDSA
Version: 3

Trust this certificate? [no]: yes

Certificate was added to keystore

$ keytool -export -alias SrvKeystore -keystore SrvKeystore -file SrvCert.cer

Enter keystore password:

Certificate stored in file <SrvCert.cer>

Copy SrvCert.cer to client machine


On Client machine:

$ keytool -import -alias SrvCert -file SrvCert.cer -keystore CliKeystore -keypass abcd123 -storepass abcd123

Owner: CN=G P, OU=GauZ, O=GauZ, L=NYC, ST=NY, C=US

Issuer: CN=G P, OU=GauZ, O=GauZ, L=NYC, ST=NY, C=US

Serial number: 4d481b2e

Valid from: Tue Feb 01 09:39:42 EST 2011 until: Mon May 02 10:39:42 EDT 2011

Certificate fingerprints:


MD5: 83:99:66:6F:C4:84:19:A8:C3:1A:A2:53:DC:0D:9F:8E
SHA1: 69:07:35:5E:A4:56:4D:A4:C5:EC:3C:3C:B3:8B:13:20:6C:86:5D:93

Signature algorithm name: SHA1withDSA

Version: 3

Trust this certificate? [no]: yes

Certificate was added to keystore

Client side: CliKeystore and CliCert.cer

Server side: SrvKeystore and SrvCert.cer

References:

http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html

http://download.oracle.com/javase/1.5.0/docs/tooldocs/windows/keytool.html

https://www.digicert.com/easy-csr/keytool.htm


Hug a Software Developer today!

Video has a powerful message and indeed highlights the various issues which plague a typical Software Developer 🙂
