{"id":531,"date":"2014-12-29T23:43:07","date_gmt":"2014-12-30T08:43:07","guid":{"rendered":"http:\/\/blog.box.kr\/?p=531"},"modified":"2014-12-29T23:43:07","modified_gmt":"2014-12-30T08:43:07","slug":"java-ssl-client-%ea%b0%9c%eb%b0%9c%ec%8b%9c-trusting-an-expired-certificate-%ec%98%a4%eb%a5%98","status":"publish","type":"post","link":"https:\/\/blog.box.kr\/?p=531","title":{"rendered":"Java SSL client development: Trusting an expired certificate error"},"content":{"rendered":"<pre class=\"lang-java prettyprint prettyprinted\"><code>The code below trusts every certificate (test certificates, expired ones, and so on). (Applying it in production creates a security problem.)<\/code><\/pre>\n<pre class=\"lang-java prettyprint prettyprinted\"><code>======================================================================\n\n   <span class=\"kwd\">try<\/span> <span class=\"pun\">{<\/span>\n        <span class=\"typ\">SSLContext<\/span><span class=\"pln\"> ctx <\/span><span class=\"pun\">=<\/span> <span class=\"typ\">SSLContext<\/span><span class=\"pun\">.<\/span><span class=\"pln\">getInstance<\/span><span class=\"pun\">(<\/span><span class=\"str\">\"TLS\"<\/span><span class=\"pun\">);<\/span><span class=\"pln\">\n        ctx<\/span><span class=\"pun\">.<\/span><span class=\"pln\">init<\/span><span class=\"pun\">(<\/span><span class=\"kwd\">new<\/span> <span class=\"typ\">KeyManager<\/span><span class=\"pun\">[<\/span><span class=\"lit\">0<\/span><span class=\"pun\">],<\/span> <span class=\"kwd\">new<\/span> <span class=\"typ\">TrustManager<\/span><span class=\"pun\">[]<\/span> <span class=\"pun\">{<\/span> <span class=\"kwd\">new<\/span><span class=\"pln\"> X509TrustManager<\/span><span class=\"pun\">()<\/span> <span class=\"pun\">{<\/span>\n            <span class=\"lit\">@Override<\/span>\n            
<span class=\"kwd\">public<\/span> <span class=\"kwd\">void<\/span><span class=\"pln\"> checkClientTrusted<\/span><span class=\"pun\">(<\/span><span class=\"pln\">X509Certificate<\/span><span class=\"pun\">[]<\/span><span class=\"pln\"> x509Certificates<\/span><span class=\"pun\">,<\/span> <span class=\"typ\">String<\/span><span class=\"pln\"> name<\/span><span class=\"pun\">)<\/span> <span class=\"kwd\">throws<\/span> <span class=\"typ\">CertificateException<\/span> <span class=\"pun\">{}<\/span>\n\n            <span class=\"lit\">@Override<\/span>\n            <span class=\"kwd\">public<\/span> <span class=\"kwd\">void<\/span><span class=\"pln\"> checkServerTrusted<\/span><span class=\"pun\">(<\/span><span class=\"pln\">X509Certificate<\/span><span class=\"pun\">[]<\/span><span class=\"pln\"> x509Certificates<\/span><span class=\"pun\">,<\/span> <span class=\"typ\">String<\/span><span class=\"pln\"> name<\/span><span class=\"pun\">)<\/span> <span class=\"kwd\">throws<\/span> <span class=\"typ\">CertificateException<\/span> <span class=\"pun\">{}<\/span>\n\n            <span class=\"lit\">@Override<\/span>\n            <span class=\"kwd\">public<\/span><span class=\"pln\"> X509Certificate<\/span><span class=\"pun\">[]<\/span><span class=\"pln\"> getAcceptedIssuers<\/span><span class=\"pun\">()<\/span> <span class=\"pun\">{<\/span>\n                <span class=\"kwd\">return<\/span> <span class=\"kwd\">null<\/span><span class=\"pun\">;<\/span>\n            <span class=\"pun\">}<\/span>\n        <span class=\"pun\">}<\/span> <span class=\"pun\">},<\/span> <span class=\"kwd\">new<\/span> <span class=\"typ\">SecureRandom<\/span><span class=\"pun\">());<\/span>\n\n        <span class=\"typ\">SSLContext<\/span><span class=\"pun\">.<\/span><span class=\"pln\">setDefault<\/span><span class=\"pun\">(<\/span><span class=\"pln\">ctx<\/span><span class=\"pun\">);<\/span>\n    <span class=\"pun\">}<\/span> <span class=\"kwd\">catch<\/span> <span class=\"pun\">(<\/span><span 
class=\"typ\">Exception<\/span><span class=\"pln\"> e<\/span><span class=\"pun\">)<\/span> <span class=\"pun\">{<\/span>\n        <span class=\"kwd\">throw<\/span> <span class=\"kwd\">new<\/span> <span class=\"typ\">RuntimeException<\/span><span class=\"pun\">(<\/span><span class=\"pln\">e<\/span><span class=\"pun\">);<\/span>\n    <span class=\"pun\">}\n<\/span><\/code><\/pre>\n<pre class=\"lang-java prettyprint prettyprinted\"><code>======================================================================\n<\/code><\/pre>\n<pre class=\"lang-java prettyprint prettyprinted\">The fundamental fix is... to install the certificate in the JVM..<\/pre>\n<pre class=\"lang-java prettyprint prettyprinted\">Found that the following javax properties returned a null value in WebSphere:\njavax.net.ssl.trustStore,\njavax.net.ssl.trustStorePassword,\njavax.net.ssl.trustStoreType\nFor more details, please see this link,\n\njava - path to trustStore - set property doesnt work?\n\nConfigured the properties as below in WebSphere:\n\nSelect Servers &gt; Application Servers &gt; server_name &gt; Process Definition &gt; Java Virtual Machine &gt; Custom Properties &gt; New.\n\na) javax.net.ssl.trustStore = jre_install_dir\\lib\\security\\cacerts\n\nExample: C:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\security\\cacerts\n\nb) javax.net.ssl.trustStorePassword = changeit (default)\n\nc) javax.net.ssl.trustStoreType = jks\n\nFor more details, please see this link,\n\nhttp:\/\/publib.boulder.ibm.com\/infocenter\/tivihelp\/v2r1\/index.jsp?topic=%2Fcom.ibm.isim.doc_6.0%2Finstalling%2Ftsk%2Ftsk_ic_ins_first_security_truststore.htm\n\nAfter the configuration, I was able to see in the logs that certificates were being added to the trust store.\n\n<\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"ngg_post_thumbnail":0,"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[15,30,31,29],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5q9Zn-8z","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/531"}],"collection":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=531"}],"version-history":[{"count":0,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/531\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}