Good day. For the last two weeks I have been trying to create my own XMPP client app that will connect to an XMPP server over TLS (because the server is using it).
My server is:
telnet xmpp.odnoklassniki.ru 5222
Trying 217.20.145.69...
Connected to xmpp.odnoklassniki.ru.
Escape character is '^]'.
If I do this:
openssl s_client -connect xmpp.odnoklassniki.ru:5222 -starttls xmpp -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /Users/dmitry/odnoklassniki.pem
/Users/dmitry/odnoklassniki.pem
is here
After this, how can I create the certificate chain and import it into the trusted keystore?
If I use the Adium messenger,
it works fine, and in the preferences tab I see this:
Please help.
Exception thrown by my code:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: root certificate not trusted of [*.odnoklassniki.ru]
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
    at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:806)
    at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
    at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:43)
    at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
Caused by: java.security.cert.CertificateException: root certificate not trusted of [*.odnoklassniki.ru]
    at org.jivesoftware.smack.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:144)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
    ... 11 more
UPDATE
- I downloaded the certificate from
https://www.entrust.net/downloads
- after this
C:\>keytool -import -alias Root -keystore o.keystore -trustcacerts -file root.cer
I got a keystore, o.keystore
In the code I added these options:
config.setDebuggerEnabled(true);
config.setSASLAuthenticationEnabled(true);
config.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
config.setSelfSignedCertificateEnabled(true);
config.setExpiredCertificatesCheckEnabled(true);
config.setVerifyRootCAEnabled(true);
config.setTruststoreType("JKS");
config.setKeystorePath("/Users/dmitry/o.keystore");
config.setTruststorePath("/Users/dmitry/o.keystore");
config.setTruststorePassword("changeit");
But I get the same error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: root certificate not trusted of [*.odnoklassniki.ru]
Debug information
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: c:\my.keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x456b5054
  Valid from Mon Nov 27 23:23:42 MSK 2006 until Sat Nov 28 00:53:42 MSK 2026
What am I doing wrong?
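
Added example, not part of the original post and not Smack's own code: a stand-alone check that reads the chain saved by the openssl command above and validates it against a JKS trust store with the JDK's PKIX validator, printing each subject/issuer pair so the CA that must be in the store is visible. The class name CheckChain is hypothetical, the default paths and password are the ones quoted in the post, and Java 8 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class name): checks a saved server chain against a JKS trust store.
public class CheckChain {
    public static void main(String[] args) throws Exception {
        // Defaults are the paths and password quoted in the post; override them via arguments.
        String pemPath = args.length > 0 ? args[0] : "/Users/dmitry/odnoklassniki.pem";
        String storePath = args.length > 1 ? args[1] : "/Users/dmitry/o.keystore";
        char[] password = (args.length > 2 ? args[2] : "changeit").toCharArray();

        // generateCertificates() reads every BEGIN/END CERTIFICATE block, in the order sent.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : cf.generateCertificates(in)) chain.add((X509Certificate) c);
        }
        for (X509Certificate c : chain) {
            System.out.println("subject: " + c.getSubjectX500Principal());
            System.out.println("  issuer: " + c.getIssuerX500Principal());
        }
        // A CertPath must not contain the trust anchor, so drop a self-signed root if present.
        chain.removeIf(c -> c.getSubjectX500Principal().equals(c.getIssuerX500Principal()));
        if (chain.isEmpty()) {
            System.out.println("Only self-signed certificates in " + pemPath + "; nothing to validate.");
            return;
        }
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(storePath)) {
            trust.load(in, password);
        }
        PKIXParameters params = new PKIXParameters(trust); // anchors = trusted cert entries
        params.setRevocationEnabled(false); // assumption: test anchoring only, no CRL/OCSP lookups
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("OK: chain is anchored in " + storePath);
        } catch (CertPathValidatorException e) {
            System.out.println("NOT TRUSTED: " + e.getMessage());
            System.out.println("Issuer of the last certificate sent (the CA the trust store must contain): "
                    + chain.get(chain.size() - 1).getIssuerX500Principal());
        }
    }
}
```

Run it against the same trust store file the client actually loads; the path printed on the "trustStore is:" line of the JSSE debug output shows which file that is.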