SSL in jpos!

Kartik

Mar 9, 2009, 11:45:27 PM
to jPOS Users
Hi all;

I have gone through the jPOS guide regarding the SSL configuration but
would require some help in this case.

<!-- As given in jPOS guide -->
<channel name="dummyclient.channel"
class="org.jpos.iso.channel.ASCIIChannel"
packager="org.jpos.iso.packager.GenericPackager"
packager-config="src/config/packager/iso87ascii.xml"
packager-logger="qsp"
packager-realm="packager"
type="client" logger="qsp" realm="dummyclient.channel"
connect="no"
socket-factory="org.jpos.iso.SunJSSESocketFactory">
...
...
</channel>
Tip

Can someone please help me out with this? I would really appreciate a
discussion regarding this.

Kartik

Mar 9, 2009, 11:50:46 PM
to jPOS Users
Sorry, I gave a QSP example; I am presently using Q2, so I should use

<attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
<property name="keystore" value="/path/to/keystore"/>
<property name="clientauth" value="true"/>

but can someone explain to me what the significance of each element
(property) is?

Mark Salter

Mar 10, 2009, 5:28:44 AM
to jpos-...@googlegroups.com
Kartik wrote:
> Sorry, I gave a QSP example; I am presently using Q2, so I should use
>
> <attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
> <property name="keystore" value="/path/to/keystore"/>
> <property name="clientauth" value="true"/>
>
> but can someone explain to me what the significance of each element
> (property) is?

The best place to see what these properties do would be in the source....


The boolean clientauth value is passed into :-

SSLServerSocket serverSocket = (SSLServerSocket) socket;
serverSocket.setNeedClientAuth(clientAuthNeeded);

and "Controls whether accepted server-mode SSLSockets will be initially
configured to require client authentication."

The keystore is where your certificates for the exchange are held.

Have you searched this mailing list already? I'm sure there was some
quite recent discussion.


--
Mark

Kartikeya Bhatt

Mar 13, 2009, 12:43:22 AM
to jpos-...@googlegroups.com
Thanks Mark. I have gone through the mailing list and found out how to configure SSL, but I am a little confused about the keystore (generated via keytool) and the certificate provided by a CA. I was hoping you could provide me some information related to it.

Thanks

Kartik

Mar 13, 2009, 4:24:38 AM
to jPOS Users
Hi All;

I have generated a keystore and got a certificate too using Java's
keytool. Now how should I go about configuring it in jPOS? I know I have
to specify the path of the keystore in the config files, but then what?
Please clear up my confusion regarding the SSL setup.

Thanks in advance

On Mar 13, 9:43 am, Kartikeya Bhatt <kartikeya.payautom...@gmail.com>
wrote:
> Thanks Mark. I have gone through the mailing list and found out how to
> configure SSL, but I am a little confused about the keystore (generated via
> keytool) and the certificate provided by a CA. I was hoping you could provide
> me some information related to it.
>
> Thanks
>

Mark Salter

Mar 13, 2009, 6:00:09 AM
to jpos-...@googlegroups.com
Kartik wrote:
> Hi All;
>
> I have generated a keystore and got a certificate too using Java's
> keytool. Now how should I go about configuring it in jPOS? I know I have
> to specify the path of the keystore in the config files, but then what?
> Please clear up my confusion regarding the SSL setup.

I don't use it, and can't locate the HOWTO I remember reading a long
while ago that covered key generation and placement into the keystore.
Anyone know where that might be, or do we need to generate a new HOWTO?
Volunteers 8) ?

There is a discussion on our jpos-dev list :-

http://tech.groups.yahoo.com/group/jpos-dev/message/4189?gi=-102

Which has been referenced before, perhaps that can help you?

In particular, this message in the thread:-

http://tech.groups.yahoo.com/group/jpos-dev/message/4835

Holds config examples, describes (at a high level) steps to prepare the
keystore and some test output of a couple of tests using open_ssl text :-

A failed attempt:-

"
tlk@quark openssl $ openssl s_client -host localhost -port 9000 -cert untrusted-client.pem
CONNECTED(00000003)
depth=0 /C=DK/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=jPOS/Q2 server
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=DK/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=jPOS/Q2 server
verify return:1
11395:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46
11395:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
"

And then a good attempt:-

"
tlk@quark openssl $ openssl s_client -host localhost -port 9000 -cert trusted-client.pem
CONNECTED(00000003)
depth=0 /C=DK/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=jPOS/Q2 server
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=DK/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=jPOS/Q2 server
verify return:1
"

Any good for you? Sorry I can't be of more help, as mentioned I don't
use this facility, but I do know it works for others, so assume it is a
case of getting everything aligned correctly, which seems to be the hard
bit 8(.

--
Mark

Kartik

Mar 13, 2009, 6:58:45 AM
to jPOS Users
Thanks a lot, Mark. I got the SSL working and it worked great. The
discussion of jPOS and SSL is more than enough to kick-start SSL in
jPOS.

Thanks Again

Mark Salter

Mar 13, 2009, 7:02:59 AM
to jpos-...@googlegroups.com
Kartik wrote:
> Thanks a lot, Mark. I got the SSL working and it worked great. The
> discussion of jPOS and SSL is more than enough to kick-start SSL in
> jPOS.

Thank you for confirming that back here.
Can you possibly indicate what you had not done at all, or in fact what
piece of the thread I pointed you to sorted it?

This detail might help someone in the future.

Of course, if you have a step by step account of the recent actions you
took, can you share them here?

>
> Thanks Again

You are very welcome.

--
Mark

Dave Bergert

Mar 13, 2009, 7:25:07 AM
to jpos-...@googlegroups.com
Mark Salter wrote:
> Anyone know where that might be, or do we need to generate a new HOWTO?
> Volunteers 8) ?
>
Might be fun, I'll take a stab at it at some point in the future.

/added to todo list

DB

Kartik

Mar 14, 2009, 12:56:07 AM
to jPOS Users
Hi all;

I have been using openssl in order to issue ISOMsg to my application.
I have been doing this with clientauth set to false in my jPOS config
files, but now I was trying to get it working with clientauth set to
true, which means I am supposed to pass a certificate to openssl while
connecting.
(openssl> s_client -connect server:port -cert ?)


I already have a keystore and a (PKCS7) CA certificate.

Can you please guide me on what process I am supposed to follow to get
openssl working in case clientauth is required?

Kartik

Mar 16, 2009, 2:25:58 AM
to jPOS Users
Well, I got it working. The steps are given below:
1) The PKCS7 certificate obtained from the CA should first be converted
into PEM format, as openssl requires it
2) Then use the PEM cert as mentioned above to just connect to the
server listening for the ISOMsg (in ASCII or BCD) format
3) Then simply paste the (ISO)MSG into the openssl window and voilà, it
works
Hope it is of some help to others
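
Added example, not part of the original thread and not jPOS code: the three steps above as a shell script, plus a check that the converted certificate pairs with the private key that s_client also needs when clientauth is true. The file names, the CN, the helper function names and the assumption that the private key sits in a JKS keystore are all constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and the CN below are constructed placeholders.
set -eu

# Step 1: PKCS#7 bundle from the CA -> PEM. Tries PEM encoding first, then DER,
# because .p7b files are delivered in either form.
p7_to_pem() {  # p7_to_pem <in.p7b> <out.pem>
  openssl pkcs7 -print_certs -in "$1" -out "$2" 2>/dev/null ||
    openssl pkcs7 -inform DER -print_certs -in "$1" -out "$2"
}

# A PKCS#7 file carries certificates only. With clientauth=true the client must
# also prove possession of the private key, which stays in the Java keystore.
# Assumption: JKS keystore; both tools prompt for passwords. The key is written
# unencrypted, so the subshell restricts its permissions.
export_key_from_keystore() {  # export_key_from_keystore <keystore> <out-key.pem>
  keytool -importkeystore -srckeystore "$1" \
    -destkeystore "$2.p12" -deststoretype PKCS12
  ( umask 077; openssl pkcs12 -in "$2.p12" -nocerts -nodes -out "$2" )
}

# Check before connecting: certificate and key must hold the same public key.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be read.
key_matches_cert() {  # key_matches_cert <cert.pem> <key.pem>
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Steps 2 and 3: connect, then paste the ISO message into the session.
connect_with_client_cert() {  # connect_with_client_cert <host:port> <cert> <key>
  openssl s_client -connect "$1" -cert "$2" -key "$3"
}

# Constructed stand-in for the CA's reply: a throwaway self-signed certificate
# wrapped as DER PKCS#7, so the conversion can be tried offline.
make_constructed_p7() {  # make_constructed_p7 <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-client" \
    -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null
  openssl crl2pkcs7 -nocrl -certfile "$1/client.crt" \
    -outform DER -out "$1/client.p7b"
}

demo_dir=$(mktemp -d)
make_constructed_p7 "$demo_dir"
p7_to_pem "$demo_dir/client.p7b" "$demo_dir/client.pem"
if key_matches_cert "$demo_dir/client.pem" "$demo_dir/client.key"; then
  echo "certificate and key match; usable with s_client -cert/-key"
fi
rm -rf "$demo_dir"
```

If -key is omitted, s_client looks for the private key in the -cert file, so a PEM converted from PKCS7 alone will not load as a client identity. An "sslv3 alert certificate unknown" reply like the one in the failed attempt quoted earlier in the thread means the server did not accept the client certificate it was shown.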