Javier's Blog

Mostly computers and other tech stuff,...

Saturday, December 19, 2009

Accepting certificates for OpenJMS HTTPS tunnel

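The OpenJMS HTTPS tunnel can be a bit tough to set up because Java validates SSL certificates by default, and of course the errors you get from OpenJMS are really not that helpful. E.g., "java.io.IOException: HTTPS hostname wrong: should be."

During development, self-signed certificates are often used, and Java will fail to validate them. This can be bypassed with a few lines of code. They install a default hostname verifier that logs the mismatch and accepts the connection anyway, so Java no longer rejects a certificate whose name does not match the host in the URL. Because it is set as the default, it affects every HTTPS connection made through this class in the JVM, not just the tunnel: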

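// Legacy com.sun.net.ssl API. verify() is called when the URL host name does
// not match the certificate; returning true accepts the connection anyway.
com.sun.net.ssl.HostnameVerifier hv = new com.sun.net.ssl.HostnameVerifier() {
    public boolean verify(String urlHostname, String certHostname) {
        // logger is the application's existing logger
        logger.warn("Hostname: " + urlHostname
                + " does not match certificate: " + certHostname);
        return true;
    }
};
// Installed as the default for all connections made through this class.
com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);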

Useful Links:

Error I was getting: java.io.IOException: HTTPS hostname wrong: should be
http://www.java-samples.com/showtutorial.php?tutorialid=211

How to import a certificate from file in Java using keytool
http://blog.spikesource.com/java_certificate_import.htm

Error I was getting: HTTPS hostname wrong
http://www.velocityreviews.com/forums/t129514-https-hostname-wrong.html

How to create certificates:
http://emo.sourceforge.net/cert-login-howto.html

Another SSL HOWTO:
http://www.openssl.org/docs/HOWTO/certificates.txt
