5

I have an application jar from which I'm calling an HTTPS URL using a DefaultHttpClient object, but it's giving a "peer not authenticated" exception, so I want to sign the jar using a keystore.

I have a .cer file which has the public key and I am able to import it into a keystore, but when I use the jarsigner tool it says "certificate chain not found. You must have private key and associated public key."

I also have a .pfx file which is supposed to be a private key, but I don't know how to import it. Can anyone tell me the steps to import a .pfx file and use it in jarsigner?

Correct me if I'm wrong somewhere.

UPDATE

As per @Duncan, I am able to import the .cer file into the JVM by referring to this link. I used the command below to import the .cer into cacerts:

c:\Program Files\Java\jre7\bin>keytool -importcert -alias esbcert -file "e:\Desktop\esbcert\esb.cer" -keystore "c:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit

After this I entered 'y' to trust the certificate

Trust this certificate? [no]:  y
Certificate was added to keystore

After that I ran my application, but it still gives me javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

The stack trace is as follows:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
        at testhttps.TestHTTPS.testWithMKCLHTTPClient(TestHTTPS.java:95)
        at testhttps.TestHTTPS.main(TestHTTPS.java:49)

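My code is:

import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;

// Fragment from inside a method body
String url = "https://domain.org/webapp/transformer/doTransformer/doReg";
try {
    HttpPost postRequest = new HttpPost(url);
    HttpResponse httpResponse = null;

    // DefaultHttpClient validates the server certificate against the JVM's default trust store
    DefaultHttpClient httpClient = new DefaultHttpClient();
    httpResponse = httpClient.execute(postRequest);
} catch (Exception e) {
    e.printStackTrace();
}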
Amogh
  • Take a look here: http://stackoverflow.com/questions/4210254/how-to-sign-a-jar-file-using-a-pfx-file – Antonio Fruci May 20 '14 at 08:03
  • You don't need to sign the _code_ in order to be able to make https connections, you need to set up the right keystores so that the https client knows to trust the server certificate, and possibly presents its own certificate if the server requires client authentication. – Ian Roberts May 20 '14 at 08:03
  • Signing a jar file has exactly nothing to do with SSL's "peer not authenticated". – Oleg Estekhin May 20 '14 at 08:03
  • @IanRoberts Ohhh!!! How can I set up keystores? – Amogh May 20 '14 at 08:14
  • @Amogh I closed this question as a duplicate - see the answers in that question, which show you how to do it. – Duncan Jones May 20 '14 at 08:15
  • @Duncan OK, thanks for the same and sorry for the duplication. – Amogh May 20 '14 at 08:16
  • @Duncan I think the link provided by you explains the steps very nicely, but commands like openssl and grep are for Linux (if I'm not wrong). Can you provide them for a Windows environment, please? – Amogh May 20 '14 at 08:32
  • @Amogh The linux-heavy parts of that answer relate to obtaining the certificate. I think you already have that, so you can just focus on the keytool part. – Duncan Jones May 20 '14 at 08:36
  • @Duncan I am not able to locate the cacerts keystore using the command `locate cacerts | grep "1.7.0_40"`. Is it OK if I directly use `c:\Program Files\Java\jre7\lib\security\cacerts` in the `keytool` command? – Amogh May 20 '14 at 08:45
  • @Duncan I imported the .cer file using the command `c:\Program Files\Java\jre7\bin>keytool -importcert -alias esbcert -file "e:\Desktop\esbcert\esb.cer" -keystore "c:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit`. After this I ran my program and it still gives `'SSLPeerUnverifiedException: peer not authenticated'` – Amogh May 20 '14 at 08:54
  • @Amogh Update your question, referencing the (non)-duplicate, explain what you've done and show us your exception. We can re-open this question. – Duncan Jones May 20 '14 at 08:54
  • @Duncan Question is updated. – Amogh May 20 '14 at 09:06
  • @Duncan I tried on Ubuntu. The first time it gave me the exception, then I followed the steps and it's working :) but unfortunately I want it to work on Windows :( Any help please. – Amogh May 20 '14 at 09:25
  • If you've created appropriate keystores on Ubuntu you can just copy those to your windows machine and use them there. – Ian Roberts May 20 '14 at 10:03
  • It's done. I downloaded the cert file on the Ubuntu machine using the command specified, renamed it to .cer and installed it on Windows using keytool. It's working now. Thank you all very much :) @Duncan, add your suggested link as an answer and I will be happy to mark it as the answer. Thank you. – Amogh May 20 '14 at 10:34

1 Answer

5

This exception tells that the connection made to the server URL is not from an authenticated client. To resolve this issue we have to import the server's public certificate into the JRE on which the Java application is running. To import the certificate, follow these steps:

As per @Duncan (comment), I am able to import the .cer file into the JVM by referring to this link. I used the command below to import the .cer into cacerts:

c:\Program Files\Java\jre7\bin>keytool -importcert -alias esbcert -file "e:\Desktop\esbcert\esb.cer" -keystore "c:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit

After this I entered 'y' to trust the certificate

Trust this certificate? [no]:  y
Certificate was added to keystore

Amogh
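
A check for whether the keytool import above took effect in the JRE that actually runs the application, and whether that trust store accepts the server's chain. This is an added example, not code from the question or answer; the class name `TrustCheck`, the command-line arguments and port 443 are assumptions, and `changeit` is the default cacerts password used in the keytool command.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class). Usage: java TrustCheck <file.cer> <host>
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String cerPath = args[0];   // the certificate that was imported with keytool
        String host = args[1];      // HTTPS host the application connects to (port 443 assumed)

        // cacerts of the JRE running THIS process; a machine can have several JREs,
        // and an import into one of them has no effect on the others.
        String javaHome = System.getProperty("java.home");
        String storePath = javaHome + "/lib/security/cacerts";
        System.out.println("java.home = " + javaHome);

        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trust.load(in, "changeit".toCharArray());
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(cerPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // getCertificateAlias returns null when no entry holds this exact certificate.
        String alias = trust.getCertificateAlias(cert);
        System.out.println(alias == null
                ? "certificate is NOT in " + storePath
                : "certificate found under alias '" + alias + "'");

        // Handshake that trusts only the entries of that cacerts file.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            s.startHandshake(); // throws SSLHandshakeException if the chain is not trusted
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("handshake OK, server subject: " + leaf.getSubjectX500Principal());
            // This checks chain trust only; it does not verify that the certificate matches the host name.
        }
    }
}
```

Run it with the same `java` binary that launches the application. A handshake failure while the alias is reported as found means the imported .cer is not the certificate (or issuer) the server actually presents.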