jPOS and SSL


badre...@gmail.com

Jan 30, 2009, 12:15:36 PM
to jPOS Users
Hi everybody,
In my case I want to activate SSL for communications between jPOS
server and jPOS client. To do this I used the SunJSSESocketFactory class
and the following server xml configuration:
<?xml version="1.0" ?>
<server class="org.jpos.q2.iso.QServer" logger="Q2" name="simulator_10000">
  <attr name="port" type="java.lang.Integer">10000</attr>
  <attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
  <property name="keystore" value="C:\Documents and Settings\Administrateur.88A71D1CFED64CC\servertest.private"/>
  <property name="clientauth" value="true"/>
  <property name="storepassword" value="ashuashu"/>
  <property name="keypassword" value="ashuashu"/>
  <channel class="org.jpos.iso.channel.XMLChannel"
           logger="Q2" packager="org.jpos.iso.packager.XMLPackager">
  </channel>
  <request-listener class="org.jpos.bsh.BSHRequestListener" logger="Q2">
    <property name="source" value="cfg/serversimulator.bsh" />
  </request-listener>
</server>

with keytool generated certificates using the following script :

keytool -genkey -alias serverprivate -keystore servertest.private -storetype JKS -keyalg rsa -storepass ashuashu -keypass ashuashu

but when trying to connect to the server using a securised telnet
client it generates the following error message and there's no
handshake between the two communicating parties:

<log realm="simulator_10000.server.session/127.0.0.1" at="Fri Jan 30 17:58:38 CET 2009.203">
  <session-error>
    <exception name="handshake alert: no_certificate">
    javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
        at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.read1(Unknown Source)
        at java.io.BufferedInputStream.read(Unknown Source)
        at java.io.DataInputStream.read(Unknown Source)
        at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
        at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
        at sun.nio.cs.StreamDecoder.read(Unknown Source)
        at java.io.InputStreamReader.read(Unknown Source)
        at java.io.BufferedReader.fill(Unknown Source)
        at java.io.BufferedReader.readLine(Unknown Source)
        at java.io.BufferedReader.readLine(Unknown Source)
        at org.jpos.iso.channel.XMLChannel.streamReceive(XMLChannel.java:92)
        at org.jpos.iso.BaseChannel.receive(BaseChannel.java:595)
        at org.jpos.iso.ISOServer$Session.run(ISOServer.java:144)
        at org.jpos.util.ThreadPool$PooledThread.run(ThreadPool.java:72)
    </exception>
  </session-error>
</log>


So please can you tell me if there's the right way to securise my
jPOS server and what can I do to correct those connection errors.
Your response will be a great help for me.

Mark Salter

Jan 30, 2009, 4:50:20 PM
to jpos-...@googlegroups.com
badre...@gmail.com wrote:

> In my case I want to activate SSL for communications between jPOS
> server and jPOS client, to do I used the SunJSSESocketFactory class
> and the following server xml configuration :
> <?xml version="1.0" ?>
> <server class="org.jpos.q2.iso.QServer" logger="Q2"
> name="simulator_10000">
> <attr name="port" type="java.lang.Integer">10000</attr>
> <attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
> <property name="keystore" value="C:\Documents and Settings\Administrateur.88A71D1CFED64CC\servertest.private"/>
> <property name="clientauth" value="true"/>

With clientauth=true, a client connecting to this server will be asked
to supply its certificate? I think this might be the stage which is
failing for you.

> <property name="storepassword" value="ashuashu"/>
> <property name="keypassword" value="ashuashu"/>
> <channel class="org.jpos.iso.channel.XMLChannel"
> logger="Q2" packager="org.jpos.iso.packager.XMLPackager">
> </channel>
> <request-listener class="org.jpos.bsh.BSHRequestListener"
> logger="Q2">
> <property name="source" value="cfg/serversimulator.bsh" />
> </request-listener>
> </server>

[snip]


> but when trying to connect to the server using a securised telnet
> client it generates the following errors message and there's no
> handshake between the two communication parts :

Can I ask what you are using for your 'securised telnet client'?

Have you added a certificate to this client software?

Can you try (just for now) setting clientauth=false?

In connecting a jPos SSL client to a jPos SSL server with
clientauth=true, I think both ends need certificates.

I do recall reading a step by step guide, but I can't remember where it
was and neither can I find it as I write.


--
Mark

badre...@gmail.com

Feb 2, 2009, 6:00:40 PM
to jPOS Users
First I want to thank you for your interest. I found a solution for
the server problem by changing the SunJSSESocketFactory class to make
it accept .key configuration, especially the file temp.key containing
information concerning the client .private key, so my server interacts
perfectly with a securised telnet client. Now my problem is how to
configure the jPOS client (client simulator) to make it connect to my
server, so I will list below the configuration I used:

<channel-adaptor name='clientsimulator-adaptor'
                 class="org.jpos.q2.iso.ChannelAdaptor" logger="Q2">
  <attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
  <property name="keystore" value="C:\Documents and Settings\Administrateur.88A71D1CFED64CC\client.private"/>
  <property name="serverauth" value="true"/>
  <property name="storepassword" value="ashuashu"/>
  <property name="keypassword" value="ashuashu"/>

and this is the client log when trying to connect to the server :

  <warn>
    channel-receiver-clientsimulator-receive
    <exception name="null">
    java.io.EOFException
        at org.jpos.iso.channel.XMLChannel.streamReceive(XMLChannel.java:94)
        at org.jpos.iso.BaseChannel.receive(BaseChannel.java:595)
        at org.jpos.q2.iso.ChannelAdaptor$Receiver.run(ChannelAdaptor.java:303)
        at java.lang.Thread.run(Unknown Source)
    </exception>
  </warn>
</log>

the server log :

<log realm="simulator_10000.server.session/127.0.0.1" at="Mon Feb 02 23:11:13 CET 2009.937">
  <session-error>
    <exception name="Unrecognized SSL message, plaintext connection?">
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown
I hope it's not too long a post, but it's the minimum that I can put to
make the problem understood.
Thanks for your help and excuse my very bad English but I'm trying to
improve it :)
Best regards,
Meherzi Badreddine K&K partner Paris


On Jan 30, 10:50 pm, Mark Salter <marksal...@talktalk.net> wrote:

David Bergert

Feb 2, 2009, 10:00:30 PM
to jpos-...@googlegroups.com
This Thread would be worth reviewing:

http://tech.groups.yahoo.com/group/jpos-dev/message/4189?gi=-102

Shows how to configure the server and a client using SSL.
You may need to read through all of the messages.


David Bergert, CISSP, CISA, CPISM/A
www.paymentsystemsblog.com

Gufran Nazir

Feb 16, 2015, 5:52:10 AM
to jpos-...@googlegroups.com
Hi All,

Can you please let me know how to configure the jPOS channel (client) to make it connect to an SSL-enabled ISO server?
Kindly share one channel configuration example.

Regards,
Gufran Nazir

Alejandro Revilla

Feb 16, 2015, 6:33:23 AM
to jPOS Users
Please take a look at section 5.2 nicely titled "SSL Channels" on page 50 of http://jpos.org/doc/proguide-draft.pdf

You'll see there what you're asking for.

--

Gufran Nazir

Feb 16, 2015, 6:50:58 AM
to jpos-...@googlegroups.com
Hi Alejandro,

There it's mentioned for the ISO server; I am looking for the ISO client channel configuration. Is it the same for the client as well?

Regards,
Gufran Nazir

Alejandro Revilla

Feb 16, 2015, 6:57:04 AM
to jPOS Users
Yes, it's the same thing.


Gufran Nazir

Feb 16, 2015, 7:39:45 AM
to jpos-...@googlegroups.com
Hi Alejandro,

Thanks for your help.
One more clarification: do I have to add the properties below as well?

<property name="keystore" value="/path/to/keystore"/> 
<property name="clientauth" value="true"/> 
<property name="storepassword" value="abcccccc"/> 

Regards,
Gufran Nazir

Alejandro Revilla

Feb 16, 2015, 4:18:50 PM
to jPOS Users
Correct.


--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
 
Join us in IRC at http://webchat.freenode.net/?channels=jpos
 
You received this message because you are subscribed to the "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-...@googlegroups.com
To unsubscribe, send email to jpos-users+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jpos-users
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/8b6b0427-f825-4539-9555-9b745e479d30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Charaka Wijesinghe

Jun 20, 2025, 10:57:18 AM
to jPOS Users
Hi All,
Please help me to figure out the following issue related to the SSL-enabled ISO server.

I'm trying to bring up a jPOS testing server with SSL enabled; I'm running it using the Q2 server.

When I try to bring up the Q2 server, the q2 log shows the following error even though I've given the keystore location and passwords.


Error Log
=======
</log>
<log realm="Q2.system" at="2025-06-20T22:06:47.105673900" lifespan="80ms">
  <info>
    deploy: D:\Dev\work\q2project\deploy\isoserver.xml
  </info>
</log>
<log realm="Q2.system" at="2025-06-20T22:06:47.114681100" lifespan="3ms">
  <info>
    deploy: D:\Dev\work\q2project\deploy\logback.xml
  </info>
</log>
<log realm="isoserver_ssl.server" at="2025-06-20T22:06:47.141676500">
  <iso-server>
    <iso-exception>
      java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified)
      <nested-exception>
      java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified)
        at java.base/java.io.FileInputStream.open0(Native Method)
        at java.base/java.io.FileInputStream.open(FileInputStream.java:213)
        at java.base/java.io.FileInputStream.<init>(FileInputStream.java:152)
        at org.jpos.iso.GenericSSLSocketFactory.getSSLContext(GenericSSLSocketFactory.java:134)
        at org.jpos.iso.GenericSSLSocketFactory.createServerSocketFactory(GenericSSLSocketFactory.java:161)
        at org.jpos.iso.GenericSSLSocketFactory.createServerSocket(GenericSSLSocketFactory.java:190)
        at org.jpos.iso.ISOServer.run(ISOServer.java:472)
        at java.base/java.lang.Thread.run(Thread.java:1583)
      </nested-exception>
      org.jpos.iso.ISOException: java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified) (java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified))


I've followed the jPOS draft guide PDF. Please refer to the following folder and file setup:


--Root Folder (running Q2 command here "java -cp "lib/*;cfg;deploy" org.jpos.q2.Q2")
------deploy
---------- isoserver.xml
------cfg
---------- server-keystore.jks
---------- ssl-server.cfg
------lib
---------- jposs.jar etc..

Files
---------- isoserver.xml
<server name="isoserver_ssl"
        class="org.jpos.q2.iso.QServer"
        logger="Q2">

  <attr name="port" type="java.lang.Integer">10000</attr>
  <server-socket-factory class="org.jpos.iso.GenericSSLSocketFactory" />
  <channel class="org.jpos.iso.channel.NACChannel"
           logger="Q2"
           packager="org.jpos.iso.packager.ISO87BPackager">
    <property name="socketFactory" value="org.jpos.iso.GenericSSLSocketFactory" />
    <property name="keystore" value="cfg/server-keystore.jks" />
    <!-- tried changing into abs path as well. -->
    <property name="storepassword" value="changeit" />
    <property name="keypassword" value="changeit" />
    <property name="clientauth" value="false" />
  </channel>
</server>

---------- ssl-server.cfg
keystore=cfg/server-keystore.jks - tried changing into abs path as well.
storepassword=changeit
keypassword=changeit
clientauth=false
 

PS : I've tried both external config and xml property as well.

Appreciate any support.

Alejandro Revilla

Jun 20, 2025, 11:09:32 AM
to jpos-...@googlegroups.com
The properties like keystore, clientauth, etc. need to be inside the <server> element as opposed to the <channel> level.




Mark Salter

Jun 20, 2025, 11:10:19 AM
to jpos-...@googlegroups.com
On 20/06/2025 15:57, Charaka Wijesinghe wrote:
> Please help me to figure out the following issue related to the SSL-enabled ISO server.
>
> I'm trying to bring up a jPOS testing server with SSL enabled; I'm running it using the Q2 server.

First check the output ...

>       org.jpos.iso.ISOException: java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified) (java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified))

The config you shared is not what your startup is using.

> Files
> ---------- isoserver.xml
> <server name="isoserver_ssl"
> class="org.jpos.q2.iso.QServer"
> logger="Q2">
> <attr name="port" type="java.lang.Integer">10000</attr>
> <server-socket-factory class="org.jpos.iso.GenericSSLSocketFactory" />
> <channel class="org.jpos.iso.channel.NACChannel"
> logger="Q2"
> packager="org.jpos.iso.packager.ISO87BPackager">
> <property name="socketFactory" value="org.jpos.iso.GenericSSLSocketFactory" />
> <property name="keystore" value="cfg/server-keystore.jks" />
> tried changing into abs path as well.
> <property name="storepassword" value="changeit" />
> <property name="keypassword" value="changeit" />
> <property name="clientauth" value="false" />
> </channel>
> </server>
>
> ---------- ssl-server.cfg
> keystore=cfg/server-keystore.jks - tried changing into abs path as well.
> storepassword=changeit
> keypassword=changeit
> clientauth=false
>
> PS : I've tried both external config and xml property as well.

Firstly, determine where you are specifying "C:\Users\Olivia\.keystore" and set your keystore to something you wanted or work out why different configuration is being used.

> Appreciate any support.

Please always start a new Thread.  tagging this question onto a thread that is more than 10 years old doesn't help anyone.



Charaka Wijesinghe

Jun 20, 2025, 11:29:21 AM
to jPOS Users
Hi Alejandro,

I've referred to the following from the jPOS dev guide. Would you be able to explain where I should configure these parameters?


Screenshot 2025-06-20 232858.png

Alejandro Revilla

Jun 20, 2025, 11:31:50 AM
to jpos-...@googlegroups.com
When you configure a server, the parameters go inside the <server> block, not inside the inner <channel> block.




Mark Salter

Jun 20, 2025, 11:33:41 AM
to jpos-...@googlegroups.com

Please don't use pictures to share text.

-- 
Mark




Charaka Wijesinghe

Jun 20, 2025, 11:34:08 AM
to jPOS Users
Hi Mark,

Thanks for your reply.

Yes, the following path is not the one I have configured in the xml file; this is the fallback path (org.jpos.iso.ISOException: java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified) (java.io.FileNotFoundException: C:\Users\Olivia\.keystore (The system cannot find the file specified))),
and this is the default path that is checked internally when an explicit path hasn't been configured.

But my concern is that I have configured the relative path correctly in isoserver.xml. I have tried adding my keystore file at the fallback path; then it was loaded, but the password wasn't picked up from the config, so it failed again.

Please let me know if you have any insight on this.
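
A stand-alone check for the situation described in this post, added here as an example (it is not from the thread or from jPOS): it resolves the keystore path the way the JVM will and confirms that the store and key passwords open a private key that JSSE can use. The class name `KeystoreCheck` is hypothetical; the path and passwords in the usage comment are the values quoted in the post.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/**
 * Added example (hypothetical class): verifies, outside jPOS, that a keystore
 * path and its two passwords are usable for a TLS server socket.
 * Run from the directory Q2 is started in, for example:
 *   java KeystoreCheck.java cfg/server-keystore.jks changeit changeit
 */
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreCheck <keystore> <storepassword> <keypassword>");
            System.exit(2);
        }
        // A relative path is resolved against the JVM working directory
        // (user.dir), so the check must run from the same directory as Q2.
        Path path = Paths.get(args[0]).toAbsolutePath().normalize();
        System.out.println("user.dir      : " + System.getProperty("user.dir"));
        System.out.println("user.home     : " + System.getProperty("user.home"));
        System.out.println("resolved path : " + path);
        if (!Files.isRegularFile(path)) {
            System.err.println("FAIL: keystore file not found at resolved path");
            System.exit(1);
        }

        char[] storePass = args[1].toCharArray();
        char[] keyPass = args[2].toCharArray();

        // Detects the store type (JKS or PKCS12) and loads it (Java 9+).
        // A wrong store password surfaces here as an IOException.
        KeyStore ks = KeyStore.getInstance(path.toFile(), storePass);

        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println("alias " + alias + ": trusted certificate only");
                continue;
            }
            // A wrong key password surfaces here as UnrecoverableKeyException.
            Key key = ks.getKey(alias, keyPass);
            System.out.println("alias " + alias + ": private key (" + key.getAlgorithm() + ")");
            keyEntries++;
        }
        if (keyEntries == 0) {
            System.err.println("FAIL: no private key entry; a TLS server has nothing to present");
            System.exit(1);
        }

        // The JSSE steps any SSL server socket factory needs:
        // key managers from the store, then an SSLContext built on them.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println("OK: SSLContext built (" + ctx.getProtocol() + ")");
    }
}
```

If this check passes while Q2 still reports a different keystore path, the keystore itself is fine and the configuration is not reaching the socket factory.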

Mark Salter

Jun 20, 2025, 11:39:41 AM
to jpos-...@googlegroups.com
My point was to highlight that the output you shared was incomplete or not at all relevant to the question and/or configuration shared.

If you are getting that output for the shared config, then there is something wrong you are yet to notice and all bets are off.

To share incorrect details, is odd, but also not respecting your own time - let alone ours :-)

If you can invest some time in getting your question 'right' then that will save us all time.

-- 
Mark


chhil

Jun 22, 2025, 12:50:59 AM
to jpos-...@googlegroups.com
Sample project is attached (hoping zip goes through).


Simple TLS server with TLS client, verified with Wireshark to see the TLS protocol for traffic on port 10000.
On my Mac I run it with ./gradlew runServer
build.gradle has set the TLS debug system property.
Sample log has tls data in it.

Simply proves that the connection happens using TLS.
Check the deploy app/folder folder for configurations. Using port 10000


-chhil 

app.zip

Charaka Wijesinghe

Jun 22, 2025, 8:31:23 AM
to jpos-...@googlegroups.com
Thanks chhil,

May I know where the client code that constructs the ISO message is? Or have you tested it in a different way?

chhil

Jun 22, 2025, 9:45:45 AM
to jpos-...@googlegroups.com

Client code wasn't the concern here, as I simply wanted to put up a TLS client/server sample, as it looks like quite a few are having trouble with it. You can deploy anything that creates the ISO msg and sends the message using the mux after getting it from the name registrar.


Charaka Wijesinghe

Jun 22, 2025, 11:16:13 AM
to jpos-...@googlegroups.com