
I am writing a Java proxy program (a man-in-the-middle proxy). When the client connects to my proxy, I want the server to send its self-certificate.

My problem is: how can I automatically generate a self-certificate for every domain (using any tool: keytool, openssl, ...) and sign it with an existing root CA? I want it so that, when I have imported the root CA into the browser (e.g. Firefox), it will not show a warning when the client connects to the server through my proxy, and I can decrypt the data between the client and the server.

In this case, I have two solutions:

1) I write an sh file that includes multiple commands to generate the self-certificate and then execute it from Java (Runtime.getRuntime().exec).

2) I found a module, iaik_jce, that has a constructor: cert = new iaik.x509.X509Certificate(server_cert.getEncoded()); where server_cert is obtained from the statement server_cert = (X509Certificate) socket.getSession().getPeerCertificates()[0]; but it does not support all algorithms. I get an exception with google, facebook, ...

HoaiNP
  • why do you want to create a new self signed cert each time? – Scary Wombat Aug 18 '16 at 02:05
  • @ScaryWombat, if the browser checks the response certificate and it does not match the domain, it will show the warning. – HoaiNP Aug 18 '16 at 02:16
  • This answer covers how to generate x509 certificates. It's not simple and uses Sun APIs, but it should work: http://stackoverflow.com/questions/1615871/creating-an-x509-certificate-in-java-without-bouncycastle – Magnus Aug 18 '16 at 05:29
  • @Magnus thanks. Very useful for me. – HoaiNP Aug 18 '16 at 08:29

0 Answers