-2

I'm having a hard time trying to connect a Java SSL server to another Java SSL server, both of them running with the same SSL key.

This is what the first server looks like:

public HostServer() throws IOException {
    System.setProperty("javax.net.ssl.keyStore", HOST_SERVER_KEY_FILE);
    System.setProperty("javax.net.ssl.keyStorePassword", SSL_KEY_PASSWORD);
    serverSocket = ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).createServerSocket(HOST_SERVER_PORT);
    System.out.println("Host server is running and waiting for clients to connect...");
    connectedRequestServers = new ArrayList<ClientData>();
    connectedRequestServersSemaphore = new Semaphore(1);
}

public void start() {

    try {
        while (true) {
            Socket socket = serverSocket.accept();
            Thread clientHandler = new Thread(new ClientHandler(socket));
            clientHandler.start();

        }
    } catch (IOException ex) {
        Logger.getLogger(HostServer.class.getName()).log(Level.SEVERE, null, ex);
    }

}

This is what the second server looks like:

public RequstServer() throws IOException, NoSuchAlgorithmException, KeyManagementException, GeneralSecurityException {
    System.setProperty("javax.net.ssl.keyStore", HostServer.HOST_SERVER_KEY_FILE);// REQUST_SERVER_KEY_FILE);
    System.setProperty("javax.net.ssl.keyStorePassword", HostServer.SSL_KEY_PASSWORD); //SSL_KEY_PASSWORD);
    serverSocket = ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).createServerSocket(REQUEST_SERVER_PORT);

    System.out.println("Request Server is up and running!");

    System.setProperty("javax.net.ssl.trustStore", HostServer.HOST_SERVER_KEY_FILE);

    hostSocket = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(HostServer.HOST_SERVER_ADDRESS, HostServer.HOST_SERVER_PORT);
    os = new ObjectOutputStream(hostSocket.getOutputStream());
    is = new ObjectInputStream(hostSocket.getInputStream());
}

The first server is running fine, but whenever I'm trying to run the second server, I get the following error, meaning that the connection to the first server has failed. If anyone can help me I will be so happy!

Request Server is up and running!

3:12:47 PM Ver1.RequstServer main
SEVERE: null
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at java.io.ObjectOutputStream$BlockDataOutputStream.drain(ObjectOutputStream.java:1877)
    at java.io.ObjectOutputStream$BlockDataOutputStream.setBlockDataMode(ObjectOutputStream.java:1786)
    at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:247)
    at Ver1.RequstServer.<init>(RequstServer.java:70)
    at Ver1.RequstServer.main(RequstServer.java:38)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 18 more

1 Answer

0

Server side:

System.setProperty("javax.net.ssl.trustStore", keyStore);
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePass);

SSLServerSocketFactory sslFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
serverSocket = (SSLServerSocket) sslFactory.createServerSocket(port, queueLength);

Socket clientConnection = serverSocket.accept();

Client side:

System.setProperty("javax.net.ssl.trustStore", keyStore);
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePass);

SSLSocketFactory sslFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
socket = (SSLSocket) sslFactory.createSocket(address, port);
socket.startHandshake();

To generate keystores:

keytool -genkey -alias server -keyalg RSA -keystore server.jks
keytool -genkey -alias client -keyalg RSA -keystore client.jks

keytool -export -file server.cert -keystore server.jks -storepass 123456 -alias server
keytool -export -file client.cert -keystore client.jks -storepass 123456 -alias client

keytool -import -file client.cert -keystore server.jks -storepass 123456 -alias client
keytool -import -file server.cert -keystore client.jks -storepass 123456 -alias server
Siloft
  • Thank you very much!!! It worked for me! You helped me to understand the idea being the private key-public key! – Matan Issler Mar 22 '18 at 15:25
  • What you do with the private public key by exporting it and importing it into the other making it so called 'self-signing'. Please mark my answer above as helpful if you want to. – Siloft Mar 22 '18 at 21:43
  • @MatanIssler please mark my answer as solved. Thank you! – Siloft Mar 24 '18 at 16:16
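
An added example, not part of the answer above or the asker's code: building the SSLContext explicitly from a keystore instead of through the JVM-wide javax.net.ssl.* properties, which the default context reads only once, when it is first created. The class name, argument order and STORE_PASS environment variable are assumptions; the keystore is one produced by the keytool commands above, with the key password equal to the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ExplicitTlsContext {

    // Builds a context whose identity (private key) and trust anchors (imported
    // certificates) both come from one keystore file, without touching the
    // javax.net.ssl.* system properties or the JVM-wide default context.
    static SSLContext contextFrom(String storePath, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            store.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, password); // assumes key password == store password
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Assumed usage: STORE_PASS=... java ExplicitTlsContext <store> <listenPort> <peerHost> <peerPort>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFrom(args[0], System.getenv("STORE_PASS").toCharArray());
        // The same context serves both roles of the second server: it listens
        // for its own clients and connects out to the first server.
        try (SSLServerSocket listener = (SSLServerSocket)
                     ctx.getServerSocketFactory().createServerSocket(Integer.parseInt(args[1]));
             SSLSocket peer = (SSLSocket)
                     ctx.getSocketFactory().createSocket(args[2], Integer.parseInt(args[3]))) {
            // Fails with SSLHandshakeException if the peer's certificate is not in
            // the store. SSLSocket does not check the host name by default.
            peer.startHandshake();
            System.out.println("Handshake OK with " + peer.getSession().getPeerPrincipal());
        }
    }
}
```

Because the context is built per call, the order in which server and client factories are created no longer affects which trust store is used.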