sslpoke | Tool for testing establishment of TLS connections in Java | TLS library
kandi X-RAY | sslpoke Summary
kandi X-RAY | sslpoke Summary
Test establishment of a TLS connection to a host with Java. This version has been enhanced to print all known system and security properties relevant to TLS and HTTPS.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Demonstrates how to connect to a given host
- Connects to the SSLSession
sslpoke Key Features
sslpoke Examples and Code Snippets
Lines of Code : 103License : Non-SPDX (NOASSERTION)
Copyjava -jar sslpoke.jar www.github.com 443
connecting to www.github.com:443 with the following system and security properties:
java.version: System: 1.8.0_251
java.vendor: System: Oracle Corporation
policy.allowSystemProperty: Security: true
java.secu Community Discussions
Trending Discussions on sslpoke
QUESTION
In my situation, I have Jenkins with two nodes. One is acting as a master node, and the other nodes as a slave. Also, I have a separate instance for running on SonarQube.
I have an internal Certificate Authority. I used it to sign my certificates. also, I added this CA certificate to the Jenkins java instance trusted store using keytool. I verified my works using SSLPoke.
But the things is when I run a job using SonarQube analysis it failed with the following error can anyone help me to troubleshoot this issue.
...ANSWER
Answered 2021-Apr-12 at 10:52The issue was in my certificate; I need to add SAN to the particular domain name (sonar.example.org). After creating a new certificate with SAN, everything goes as expected.
QUESTION
I am trying to setup the rabbitmq machine agent for AppDynamics with a standalone RabbitMQ. https://www.appdynamics.com/community/exchange/extension/rabbitmq-monitoring-extension/
...ANSWER
Answered 2019-Oct-02 at 22:37The most important thing to understand about this error is the meaning of this line:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
SSL certificates work by establishing a certificate chain, or a hierarchy of trust. For example, if I go to https://www.google.com and look at their cert, this is what I see:
There is the google cert, which sits on their servers/CDN, then an intermediate cert which also sits on their servers/CDN, then a trusted root CA cert which is in the client keystore and is implicitly trusted. So when someone browses to google, b/c they have the root CA cert and have trusted it, the browser (client) will trust that the server is actually who they say they are and will establish a secure connection to the site.
So getting back to your error, whatever CA issued the server cert being used by RabbitMQ, the monitor is not recognizing it as trusted. To troubleshoot this error, here are the things to do:
- Look at the server cert and ensure it can be validated. openssl works well for this; run:
openssl s_client -connect 127.0.0.1:15672 -showcertsand look at the cert chain. - Validate the root CA is trusted by your java keystore. You can view these certs with the
keystoretool:keytool -list -v -keystore -storepass. Ensure the cert listed above is in the keystore.
There are a couple other gotchas to watch out for:
- What keystore java is using is not always obvious. The jdk has a default keystore, and each app can use its own keystore, like you are doing above. Ensure you know what keystore is being used. Although it will add lots of logging, is can be helpful to add
-Djavax.net.debug=allto the command line. - Beware adding individual server certs to the keystore. This will work, until the server cert expires. Much better to depend on trusted CA certs, which are generally maintained at the platform level. Adding individual certs is generally considered an anti-pattern.
QUESTION
We suspect that the host is terminating the connection due to it not supporting TLS1, but how do we force the SSLPoke utility to use TLS1.2?
Alternatively, is there another utility like SSLPoke to debug SSL issues?
Note that we are using both -Djdk.tls.client.protocols=TLSv1.2 and -Dhttps.protocols=TLSv1.2
ANSWER
Answered 2019-Sep-25 at 22:12You can do this with very simple changes to the code, assuming you have a JDK or equivalent installed. Because TLS negotiates over a range of versions (until TLS1.3 and Java11, neither applicable here) there are two possibilities:
you want to support or allow 1.2 (because the server requires it) but don't care about lower versions
you want to require 1.2 only (and fail if the server supports lower)
For case 1 there are two choices:
QUESTION
I have a keystore file that works good. I have tested it using the below command ::
...ANSWER
Answered 2017-May-10 at 21:55You are handing the client a key store but in general you should be handing it a trust store as that is what tells the client which server certificates it trusts. You only give a key store when you are doing mutual authentication and the client needs to provide a certificate to the remote.
My first suggestion would be to set the transport.trustStoreLocation as defined in the client documentation.
If that doesn't work then it's time to break down and do some debugging of the SSL handshake.
QUESTION
Sending an e-mail via gmail resulted in getting a PKIX certification path error. The same applied to sending an e-mail from Tomcat.
After solving the issue, I hope you find this post useful. This post provides you with a step by step diagnosis for these kinds of errors.
Step 1: I tried to solve the problem using this post and another post, but that did not help me. In most cases this will be sufficient. You can use the keytool to list the certificates via 'keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts"'
I added the certificate by clicking the lock-icon of the gmail URL and exporting/importing the certificate to the cacert file of my used JDK version. I could see with keytool -list that the certificate was added. This process is described well in the (linked) posts.
Step 2A: Was I using the right truststore? I added the JVM arguments to direct the certificate search, like -Djavax.net.ssl.trustStore="..../jre/lib/security/cacerts" -Djavax.net.ssl.trustStorePassword="changeit".
Step 2B: When I change the value of the cacerts file to cacertsXYZ I get the error. So, this proofed that the 'cacert' was used.
Caused by: javax.mail.MessagingException: Can't send command to SMTP host; nested exception is: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Step 2C: Was this also the case for my Tomcat webserver? I verified that in the cacerts of my JRE_HOME that the certificate was there. In Tomcat my JRE_HOME is "C:\Program Files\Java\jdk1.8.0_144\jre". My JAVA_HOME = C:\Program Files\Java\jdk1.8.0_144.
Step 3: I tried with publicly available 'SSLPoke' Java class to see whether I could connect with Google and or smtp.gmail.com. The results are in the listing: I could connect with SSL to google.com AND mail.google.com via port 443.
...ANSWER
Answered 2017-Dec-18 at 16:50Finally I found the answer.
1 - Of course the google/gmail certifcates were ok ;-) Step 1 was performing these kinds of checks. Trying to add the certificate CA by hand, etc. See above.
2 - Step 2 was checking whether the known 'SSLPoke' Java class Java class could get contact with the secure website.
3 - After checking all above checks, executing 'openssl' showed that my virus scanner email-shield blocked the traffic. Stopping this defence for some time was step 3.
4 - Then I got the 'not authenticated' error from Gmail. Allowing the 'gmail account accessable from weakly authenticated apps', that finally gave a correctly sent e-mail. This is an Google account security setting
QUESTION
I am trying to connect to service bus for windows server using the java example which is provided on microsoft website.
Below are the libraries I am using for this POC
...ANSWER
Answered 2017-Oct-13 at 13:34You are using two different AMQP JMS client library dependencies on your project so I've no idea what's really going on, but my first guess is that you end up using the legacy 'qpid-amqp-1-0-client-jms' client which is not supported and definitely not going to work. I'd remove that and try to get things going with just the Qpid JMS 0.26.0 client library, although I believe there's some other URI options you might need as azure has some specific requirements in order to connect.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install sslpoke
You can use sslpoke like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the sslpoke component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
