Javier's Blog: Accepting certificates for OpenJMS HTTPS tunnel

OpenJMS HTTPS tunnel can be a bit tough to setup because Java by default validates SSL certificates and of course the errors you get from OpenJMS are really not that helpful. E.g., "java.io.IOException: HTTPS hostname wrong: should be."

During development often self signed certificates are used, which Java will fail to validate. This can be bypassed with a few lines of code, it will force Java not to check the validity of a certificate:


  com.sun.net.ssl.HostnameVerifier hv=new com.sun.net.ssl.HostnameVerifier() {
      public boolean verify(String urlHostname, String certHostname) {
          logger.warn("Hostname: "+urlHostname
              +" does not match certificate: "+certHostname);
          return true;
      }
 };
 com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);

Useful Links:

Error I was getting: java.io.IOException: HTTPS hostname wrong: should be
http://www.java-samples.com/showtutorial.php?tutorialid=211

How to import a certificate from file in Java using keytool
http://blog.spikesource.com/java_certificate_import.htm

Error I was getting: HTTPS hostname wrong
http://www.velocityreviews.com/forums/t129514-https-hostname-wrong.html

How to create certificates:
http://emo.sourceforge.net/cert-login-howto.html

Another SSL HOWTO:
http://www.openssl.org/docs/HOWTO/certificates.txt

Javier's Blog

Saturday, December 19, 2009

Accepting certificates for OpenJMS HTTPS tunnel

0 Comments:

Post a Comment

Links to this post:

Javier's Blog

About Me

Previous Posts