SSL Certificate without host name in it

I have implemented a web service with server and client authentication using keytool. The problem is that this authentication doesn't work if I don't include the name of the host in it. For example:

keytool -genkey -alias myAlias -keyalg RSA -keypass myPassword -storepass myPassword -keystore my.keystore -dname "CN=myhost"

But I don't need and I don't like validation by host or by IP. Is there any way of avoiding it?

Thanks.

Best answer

SSL has, as part of its requirements, validation that the certificate CN matches the hostname that you're connecting to. If the CN doesn't match, then the browser will assume that you're connecting to the wrong host and object.

There is no way around this.

Answers

I agree with the other posters: if you are using SSL, you almost certainly want hostname verification as part of the SSL security feature set.

That said, depending on the client you are using, there may very well be a way around this issue. Engineers will circumvent hostname verification in test environments, for debugging, prototyping, etc. If you are using a Java client which connects via HttpsURLConnection, it would be as simple as adding the following to your client class:

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// inside your client class:
static {
    // Disables host-name verification for every HttpsURLConnection in the JVM:
    // any certificate that chains to a trusted CA is then accepted for any host.
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    });
}

The standard logic is: If you don't need to protect your data, don't use SSL. If you do need to protect it, then you need to know what host you are connecting to. There should be no in between.

However in some internal environments, you might have enough control of the network and config to not be worried.

If you are in the latter case, then the solution depends on the client libraries you are using. If you are using HTTP Client, then read the SSL config guide. It may be that you don't need to implement your own SecureProtocolSocketFactory and can just use EasySSLProtocolSocketFactory.
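The following is an added example and is not code from the question or from any of the answers above. It shows the alternative a security engineer would usually reach for instead of the return-true verifier: keep the truststore chain validation that the JSSE already does, and replace the DNS-name check with a pin on the server certificate's SHA-256 fingerprint. The connection is then accepted only when the leaf certificate is one on an allowlist, whatever name or IP address the URL used to reach it. The pin value and the URL in main are placeholders (assumptions), to be replaced with the fingerprint printed by `keytool -list -v` for the real server certificate. If the certificate itself can be changed, the cleaner fix is to issue it with the names the client connects by, for example keytool's `-ext SAN=dns:myhost,ip:10.0.0.5` option, and leave the default verifier in place.

```java
import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/**
 * HostnameVerifier that replaces the host-name check with a certificate pin.
 * Chain validation against the truststore has already happened by the time
 * verify() is called; this class then accepts the session only if the leaf
 * certificate's SHA-256 fingerprint is one of the pinned values.
 */
public final class PinnedCertHostnameVerifier implements HostnameVerifier {

    // Placeholder pin (assumption): replace with the lowercase hex SHA-256
    // fingerprint of your server certificate, e.g. from
    //   keytool -list -v -keystore my.keystore   (the "SHA256:" line)
    private static final Set<String> PINNED_SHA256 = Set.of(
        "0000000000000000000000000000000000000000000000000000000000000000"
    );

    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain == null || chain.length == 0) {
                return false; // nothing authenticated the peer: fail closed
            }
            // chain[0] is the server's own (leaf) certificate
            String fingerprint = sha256Hex(chain[0].getEncoded());
            return PINNED_SHA256.contains(fingerprint);
        } catch (SSLPeerUnverifiedException | CertificateEncodingException e) {
            // No authenticated peer identity (e.g. anonymous cipher suite)
            // or a certificate that cannot be encoded: reject the connection.
            return false;
        }
    }

    /** Lowercase hex SHA-256 digest of the certificate's DER encoding. */
    static String sha256Hex(byte[] der) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every JRE", e);
        }
    }

    /** Installs the pinning verifier for all HttpsURLConnection instances. */
    static void install() {
        HttpsURLConnection.setDefaultHostnameVerifier(new PinnedCertHostnameVerifier());
    }

    public static void main(String[] args) throws IOException {
        install();
        // Placeholder URL (assumption); the server's leaf certificate must match a pin above
        HttpsURLConnection conn =
            (HttpsURLConnection) new URL("https://10.0.0.5:8443/").openConnection();
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

A pin on the leaf certificate breaks as soon as that certificate is reissued, so each re-keying of the server needs a matching update of PINNED_SHA256; adding the new fingerprint before the rollover and removing the old one afterwards avoids an outage. Comparing the whole-certificate fingerprint rather than the CN means the verifier does not care about the name or IP in the URL, which is what the question asked for, without accepting every certificate the way a return-true verifier does.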
