Create a gist now

Instantly share code, notes, and snippets.

Test of java SSL / keystore / cert setup. Check the commet #1 for howto.
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
/** Establish a SSL connection to a host and port, writes a byte and
* prints the response. See
* http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
*/
public class SSLPoke {
public static void main(String[] args) {
if (args.length != 2) {
System.out.println("Usage: "+SSLPoke.class.getName()+" <host> <port>");
System.exit(1);
}
try {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));
InputStream in = sslsocket.getInputStream();
OutputStream out = sslsocket.getOutputStream();
// Write a test byte to get a reaction :)
out.write(1);
while (in.available() > 0) {
System.out.print(in.read());
}
System.out.println("Successfully connected");
} catch (Exception exception) {
exception.printStackTrace();
}
}
}
@4ndrej
Owner
4ndrej commented Jan 16, 2013

Test of java SSL / keystore / cert setup. Came from https://confluence.atlassian.com/download/attachments/117455/SSLPoke.java

Usage:

  1. extract cert from server:
    openssl s_client -connect server:443
  2. negative test cert / keytool:
    java SSLPoke server 443
    you should get something like
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  3. import cert into default keytool:
    keytool -import -alias alias.server.com -keystore $JAVA_HOME/jre/lib/security/cacerts
  4. positive test cert / keytool:
    java SSLPoke server 443
    you should get this:
    Successfully connected
@jdros
jdros commented May 21, 2015

Thanks! Helped us to debug a cert issue.

@jackchen858

Doesn't seems work as I thought it should work. it doesn't check if the server certificate is matching with the parameter.

example:

java SSLPoke ip.address.of.sslserver 443
Successfully connected

So it doesn't really check the certificate?

@bekce
bekce commented Nov 5, 2015

@jackchen858 +1 It does not

@wesleyforti

It did not work for me.

I always get Successfully connected msg

@janeklb
janeklb commented Jan 12, 2016

Make sure you run this with the right java in case you have multiple installations

@mohannmurthy

Works brilliantly. Thanks

@smeduru
smeduru commented May 11, 2016

Thanks a lot. Followed your instructions. Fix worked perfectly.

@dadez
dadez commented Nov 29, 2016

How to use it behind a proxy ?

@joerg
joerg commented Jan 19, 2017

For those not living in the Java World here is how I compiled and used this:

  • Copy code to somewhere
  • Call Java compiler /usr/java/jdk1.6.0_45/bin/javac /tmp/SSLPoke.java (use your version of Java here)
  • Call tool with ClassPath (-cp) that you copied the file to: /usr/java/jdk1.6.0_45/bin/java -cp /tmp SSLPoke my-url.com 443
@Tzaphkiel

Very useful thanks.

A note however, instead of updating the java JRE/JDK installation's keystore, best practices dictates that you should define your own truststore (if you have company CA or application certificates for example):

# import certificate into your local TrustStore
keytool -import -trustcacerts -storepass changeit -file "./class 1 root ca.cer" -alias C1_ROOT_CA -keystore ./LocalTrustStore
# use it in JAVA:
java -Djavax.net.ssl.trustStore=./LocalTrustStore -jar SSLPoke.jar $HOST $PORT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment