Wednesday, March 28, 2012
Client authentication with SSL certificates in Jetty in maven
Here is an example pom.xml fragment:
<build>
  <plugins>
    <plugin>
      <groupId>org.mortbay.jetty</groupId>
      <artifactId>maven-jetty-plugin</artifactId>
      <configuration>
        <contextPath>/mycontext</contextPath>
        <scanIntervalSeconds>5</scanIntervalSeconds>
        <connectors>
          <!--connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
            <port>8080</port>
            <maxIdleTime>60000</maxIdleTime>
          </connector-->
          <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
            <port>8443</port>
            <maxIdleTime>60000</maxIdleTime>
            <keystore>${project.basedir}/src/main/certificates/server1.jks</keystore>
            <password>pass</password>
            <keyPassword>pass</keyPassword>
            <wantClientAuth>true</wantClientAuth><!-- deprecated! -->
            <needClientAuth>false</needClientAuth><!-- deprecated! -->
            <!-- http://stackoverflow.com/questions/8816874/avoid-use-of-deprecated-methods-in-org-eclipse-jetty-server-ssl-sslsocketconnect -->
          </connector>
        </connectors>
      </configuration>
    </plugin>
  </plugins>
</build>
Client authentication with SSL certificates in Tomcat
Place something like this in the server.xml file:
<Connector port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
sslProtocol="TLS"
keystorePass="pass"
keystoreFile="/data/miteff/someserver/server1.jks"
truststoreFile="/data/miteff/eshop/MiteffRootCa.jks"
truststorePass="pass"
keyAlias="www.miteff.com"
clientAuth="want"
SSLVerifyClient="optional"
SSLCACertificateFile="/data/miteff/someserver/MiteffRootCA.pem"
/>
Attention: in Tomcat 6.0 the clientAuth parameter can take the value "want", so the connector accepts connections with and without certificates. The application can then decide internally what to do with the two types of clients. Note that Tomcat 6.0 could NOT understand the option clientAuth="optional". I suppose it was valid at some time, but now it is not.
Tuesday, March 27, 2012
Checking certificate validity via CRL with openssl
openssl verify -crl_check -CAfile miteff-root-ca-c.crt -untrusted signer-ca-c3-chain.crt https-miteff.com.chain.crt
Thursday, March 22, 2012
maven webapp archetype
mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-webapp -DarchetypeArtifactId=maven-archetype-webapp
Wednesday, March 21, 2012
Getting HTTPS SSL certificates from HttpRequest in Java
Such an easy solution:
java.security.cert.X509Certificate cert[] =
(java.security.cert.X509Certificate[]) httpServletRequest.getAttribute
("javax.servlet.request.X509Certificate");
The result is the whole certificate chain.
The client may or may not send its certificate. A client certificate can be sent in SSL version 3 and in TLS. You have to set an option on the web application server to want and to accept client certificates. In Jetty, the option is named wantClientAuth. Later I will extend the article with the name for Tomcat.
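A servlet that applies this when client certificates are optional, as an added example that is not part of the original post: ClientCertServlet and its clientCertificate helper are hypothetical names, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not code from the original post. Class and method names are hypothetical.
public class ClientCertServlet extends HttpServlet {

    // Returns the client's own certificate, or null when the client sent none
    // (possible with wantClientAuth=true in Jetty or clientAuth="want" in Tomcat).
    static X509Certificate clientCertificate(HttpServletRequest request) {
        X509Certificate[] chain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        // The attribute is absent on plain HTTP and when no certificate was presented.
        if (chain == null || chain.length == 0) {
            return null;
        }
        return chain[0]; // element 0 is the client's certificate, its issuers follow
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        X509Certificate cert = clientCertificate(request);
        if (cert == null) {
            // Client without a certificate: here the application refuses it.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        try {
            // The TLS layer checked the chain against the server's trust store during
            // the handshake; this only re-checks the validity period at request time.
            cert.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid");
            return;
        }
        response.setContentType("text/plain");
        response.getWriter().println("Authenticated as: "
                + cert.getSubjectX500Principal().getName());
    }
}
```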
Monday, March 19, 2012
Adding external jar libraries to maven project
You have to add something like this in your pom.xml:
<dependency>
<groupId>com.xxx.yyy.messages</groupId>
<artifactId>xxxyyyMessages2</artifactId>
<version>2.0-SNAPSHOT</version>
<scope>system</scope>
<systemPath>${project.basedir}/../xxxyyyMessages2/target/xxxyyyMessages2-2.0-SNAPSHOT.jar</systemPath>
</dependency>
Monday, March 12, 2012
Making jar with dependency jars incorporated with maven
I want to start my program from the clear console. Here is the code that has to be placed in pom.xml:
Redirecting output in MS DOS
I need to redirect the error output to a file also. This can be done with:
command > certpath.txt 2>&1
For example:
java -Djava.security.debug=certpath -jar target\xxx-2.0-SNAPSHOT-jar-with-dependencies.jar > certpath.txt 2>&1
Friday, March 9, 2012
Checking certificate validity via OCSP with OpenSSL
The certificate has to have an OCSP definition.
openssl
OpenSSL>
OpenSSL> ocsp -issuer G:\temp\1\XXXRootCA.pem -cert G:\temp\1\XXXRootCA.pem -CAfile G:\temp\1\XXXRootCA.pem -url http://ocsp.myserver.com:80 -text
Note: use the full paths to the files.
Debugging classes without sources
I have to debug some classes in NetBeans which are not provided with source code.
I have to choose from these options:
1. Switch to Eclipse and use JD-Eclipse. Many people indicate that they use it without problems.
2. Decompile the sources and add them to the IDE. In this case we have another problem: line numbers. From the Java bytecode, the IDE knows the lines where the operations are placed in the source code. If the lines mismatch, the debugger jumps to the wrong line numbers and debugging fails.
Sunday, March 4, 2012
Multiple vhosts with apache httpd
There are two major questions about that:
1. Can an Apache site have multiple HTTPS virtual hosts?
2. Can an Apache site have different certificates for different virtual hosts?
Answers: