The Microsoft JDBC SSL documentation details the use of a Java keystore in order to specify a certificate bundle to use when validating the TLS connection. Is there a way to provide a certificate bundle without needing to store it within a JKS when connecting to a SQL Server database? Postgres seems to have a sslrootcert option which appears to
Tag: ssl
How to disable Host name verification for nimbus JWKS ResourceRetriever
First I was using ‘DefaultResourceRetriever’ without any configuration like this: and then I got the following exception To bypass the certificate check I have configured the resource retriever like below; But it didn’t change anything. I could set Hostname verifier to SSLConnectionSocketFactory like this: new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier()) But nimbus ResourceRetriever only accepts SSLSocketFactory as a parameter. Is there
How connection with JIRA using RESTAPI with java?
My task is to establish a connection to JIRA in Java using the REST API. I’m facing an error with the SSL security certificate. I have tried many times and looked on Google, but I didn’t find any solution to my problem. Can anyone help me to fix this error? APOD.java JavaHttpURLConnectionDemo.java Error Answer HttpsURLConnection is using by default the JDK trusted
How do I get OpenJDK 16 to talk with an SSL enabled nginx server?
I’m running a spring boot application that needs to make an https call to an nginx server. The application is running on CentOS 7 with OpenJDK 16. Following this more or less, I gathered a list of all the ciphers available to the JVM: In nginx, I have the following: I’ve tried every one of the ciphers available to my
How can I get debug messages from Java’s SSL handshake?
I’m trying to secure a Java Spring Boot REST service with Keycloak. Part of that involves communication between the service and Keycloak to get the well-known OpenID configuration. When everything is unencrypted (over HTTP), things work fine. When I add an SSL certificate into the mix (technically on an nginx server in front of both services), I’m getting an SSL
Kafka docker – NoSuchFileException: /opt/kafka.server.keystore.jks
I have installed Kafka via Docker. When I run the docker-compose up command I face the following errors: Below is my docker-compose.yml file: Answer Change the variable values to use /certs
SSL Handshake error after Client Finished handshake message
I’m attempting to perform mutual TLS authentication to server.com (changed), and I’m getting Fatal (HANDSHAKE_FAILURE): Couldn’t kickstart handshaking, javax.net.ssl.SSLException: readHandshakeRecord after Produced client Finished handshake message. I am using AdoptOpenJDK 11.0.11.9-hotspot. JVM options: Code I use for debugging this problem: Logs with handshake steps successfully performed: Just after that I get: The same request sent with curl or openssl is
SSL for JMX with RMI
We have a Java application which has had a JConsole connection with password authentication for a while. In improving the security of this, we are trying to encrypt the connection made from JConsole to the application. Up until now, we have launched our application with the following launch command: With this, we can flawlessly access the JMX methods of MyApplication
Is truststore a pure Java terminology?
When I search “truststore” on YouTube, I got the following video as the first hit. It is about Java. https://www.youtube.com/watch?v=Ur9LlNOYnRg A Google search also mostly returns Java webpages. Is this a pure Java concept? How can it be explained in the context of SSL/TLS without using Java? Answer Note that certificates are not used only for SSL/TLS, and Java used
How to enable certificate_authorities extension in Jetty with TLS 1.3
I recently updated my Jetty server (11.0.1) to TLS 1.3 (jre 11.0.9.1). The server does not send trusted certificate_authorities anymore in the CertificateRequest phase (client certificate authentication is required). Consequently, in the prompt window, the browsers do not filter the client certificates delivered by the CA trusted by the server. How can I enable certificate_authorities extension on my jetty server in