Setting up keystore programmatically before getting default SSL context
up vote
0
down vote
favorite
I am in the impression that once I set system properties when I get SSLContext.getDefault() should return me SSLContext with those set properties. In the following case should be with specified keyStore. Unfortunately that's not what is happening. It falls back JVM's default keystore. Am I missing something ?
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
answer = SSLContext.getDefault();
java security java-security java-security-manager
asked Nov 9 at 21:58
Sagar
2,37541735
add a comment |
up vote
0
down vote
favorite
I am in the impression that once I set system properties when I get SSLContext.getDefault() should return me SSLContext with those set properties. In the following case should be with specified keyStore. Unfortunately that's not what is happening. It falls back JVM's default keystore. Am I missing something ?
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
answer = SSLContext.getDefault();
java security java-security java-security-manager
asked Nov 9 at 21:58
Sagar
2,37541735
1
What do you get in the logs when you run with-Djavax.net.debug=ssl'? Does it show that it reads/keyStore.jks?
– Karol Dowbecki
Nov 9 at 22:07
keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: trueThis is what I get in logs @KarolDowbecki
– Sagar
Nov 9 at 22:13
Can you re-run with-Dproperties instead ofSystem.setProperty()? I'm trying to confirm if your keystore location and password is correct.
– Karol Dowbecki
Nov 9 at 22:53
1
(1) is this code executed before any other reference to any SSL-related classes by any code in your JVM processs? (It must be.) (2) Is/keyStore.jksreally in your system's root directory (or on Windows the drive's)?
– dave_thompson_085
Nov 10 at 2:06
@dave_thompson_085 please see my answer. Although I tried putting those two properties in my constructor, that too was too late. So, in the end, put that in a static block. Thanks for the hint.
– Sagar
Nov 10 at 14:34
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am in the impression that once I set system properties when I get SSLContext.getDefault() should return me SSLContext with those set properties. In the following case should be with specified keyStore. Unfortunately that's not what is happening. It falls back JVM's default keystore. Am I missing something ?
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
answer = SSLContext.getDefault();
java security java-security java-security-manager
asked Nov 9 at 21:58
Sagar
2,37541735
I am in the impression that once I set system properties when I get SSLContext.getDefault() should return me SSLContext with those set properties. In the following case should be with specified keyStore. Unfortunately that's not what is happening. It falls back JVM's default keystore. Am I missing something ?
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
answer = SSLContext.getDefault();
java security java-security java-security-manager
java security java-security java-security-manager
asked Nov 9 at 21:58
Sagar
2,37541735
asked Nov 9 at 21:58
Sagar
2,37541735
edited Nov 10 at 14:04
asked Nov 9 at 21:58
Sagar
2,37541735
asked Nov 9 at 21:58
Sagar
2,37541735
asked Nov 9 at 21:58
Sagar
2,37541735
2,37541735
1
What do you get in the logs when you run with-Djavax.net.debug=ssl'? Does it show that it reads/keyStore.jks?
– Karol Dowbecki
Nov 9 at 22:07
keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: trueThis is what I get in logs @KarolDowbecki
– Sagar
Nov 9 at 22:13
Can you re-run with-Dproperties instead ofSystem.setProperty()? I'm trying to confirm if your keystore location and password is correct.
– Karol Dowbecki
Nov 9 at 22:53
1
(1) is this code executed before any other reference to any SSL-related classes by any code in your JVM processs? (It must be.) (2) Is/keyStore.jksreally in your system's root directory (or on Windows the drive's)?
– dave_thompson_085
Nov 10 at 2:06
@dave_thompson_085 please see my answer. Although I tried putting those two properties in my constructor, that too was too late. So, in the end, put that in a static block. Thanks for the hint.
– Sagar
Nov 10 at 14:34
add a comment |
1
What do you get in the logs when you run with-Djavax.net.debug=ssl'? Does it show that it reads/keyStore.jks?
– Karol Dowbecki
Nov 9 at 22:07
keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: trueThis is what I get in logs @KarolDowbecki
– Sagar
Nov 9 at 22:13
Can you re-run with-Dproperties instead ofSystem.setProperty()? I'm trying to confirm if your keystore location and password is correct.
– Karol Dowbecki
Nov 9 at 22:53
1
(1) is this code executed before any other reference to any SSL-related classes by any code in your JVM processs? (It must be.) (2) Is/keyStore.jksreally in your system's root directory (or on Windows the drive's)?
– dave_thompson_085
Nov 10 at 2:06
@dave_thompson_085 please see my answer. Although I tried putting those two properties in my constructor, that too was too late. So, in the end, put that in a static block. Thanks for the hint.
– Sagar
Nov 10 at 14:34
1
1
What do you get in the logs when you run with
-Djavax.net.debug=ssl'? Does it show that it reads /keyStore.jks?– Karol Dowbecki
Nov 9 at 22:07
What do you get in the logs when you run with
-Djavax.net.debug=ssl'? Does it show that it reads /keyStore.jks?– Karol Dowbecki
Nov 9 at 22:07
keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: true This is what I get in logs @KarolDowbecki– Sagar
Nov 9 at 22:13
keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: true This is what I get in logs @KarolDowbecki– Sagar
Nov 9 at 22:13
Can you re-run with
-D properties instead of System.setProperty()? I'm trying to confirm if your keystore location and password is correct.– Karol Dowbecki
Nov 9 at 22:53
Can you re-run with
-D properties instead of System.setProperty()? I'm trying to confirm if your keystore location and password is correct.– Karol Dowbecki
Nov 9 at 22:53
1
1
(1) is this code executed before any other reference to any SSL-related classes by any code in your JVM processs? (It must be.) (2) Is
/keyStore.jks really in your system's root directory (or on Windows the drive's)?– dave_thompson_085
Nov 10 at 2:06
(1) is this code executed before any other reference to any SSL-related classes by any code in your JVM processs? (It must be.) (2) Is
/keyStore.jks really in your system's root directory (or on Windows the drive's)?– dave_thompson_085
Nov 10 at 2:06
@dave_thompson_085 please see my answer. Although I tried putting those two properties in my constructor, that too was too late. So, in the end, put that in a static block. Thanks for the hint.
– Sagar
Nov 10 at 14:34
@dave_thompson_085 please see my answer. Although I tried putting those two properties in my constructor, that too was too late. So, in the end, put that in a static block. Thanks for the hint.
– Sagar
Nov 10 at 14:34
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
I think by the time answer = SSLContext.getDefault(); was about to execute, SSLContext related classed were already loaded. I solved it by putting
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
in static block of my class. That way, there properties were set at the time of class loading. Thanks to @dave_thompson_085 for hint.
answered Nov 10 at 14:33
Sagar
2,37541735
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I think by the time answer = SSLContext.getDefault(); was about to execute, SSLContext related classed were already loaded. I solved it by putting
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
in static block of my class. That way, there properties were set at the time of class loading. Thanks to @dave_thompson_085 for hint.
answered Nov 10 at 14:33
Sagar
2,37541735
add a comment |
up vote
0
down vote
I think by the time answer = SSLContext.getDefault(); was about to execute, SSLContext related classed were already loaded. I solved it by putting
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
in static block of my class. That way, there properties were set at the time of class loading. Thanks to @dave_thompson_085 for hint.
answered Nov 10 at 14:33
Sagar
2,37541735
add a comment |
up vote
0
down vote
up vote
0
down vote
I think by the time answer = SSLContext.getDefault(); was about to execute, SSLContext related classed were already loaded. I solved it by putting
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
in static block of my class. That way, there properties were set at the time of class loading. Thanks to @dave_thompson_085 for hint.
answered Nov 10 at 14:33
Sagar
2,37541735
I think by the time answer = SSLContext.getDefault(); was about to execute, SSLContext related classed were already loaded. I solved it by putting
System.setProperty("javax.net.ssl.keyStore", "/valida-location/keyStore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
in static block of my class. That way, there properties were set at the time of class loading. Thanks to @dave_thompson_085 for hint.
answered Nov 10 at 14:33
Sagar
2,37541735
answered Nov 10 at 14:33
Sagar
2,37541735
answered Nov 10 at 14:33
Sagar
2,37541735
answered Nov 10 at 14:33
Sagar
2,37541735
2,37541735
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53233770%2fsetting-up-keystore-programmatically-before-getting-default-ssl-context%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
What do you get in the logs when you run with
-Djavax.net.debug=ssl'? Does it show that it reads/keyStore.jks?– Karol Dowbecki
Nov 9 at 22:07
keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: trueThis is what I get in logs @KarolDowbecki– Sagar
Nov 9 at 22:13
Can you re-run with
-Dproperties instead ofSystem.setProperty()? I'm trying to confirm if your keystore location and password is correct.– Karol Dowbecki
Nov 9 at 22:53
1
(1) is this code executed before any other reference to any SSL-related classes by any code in your JVM processs? (It must be.) (2) Is
/keyStore.jksreally in your system's root directory (or on Windows the drive's)?– dave_thompson_085
Nov 10 at 2:06
@dave_thompson_085 please see my answer. Although I tried putting those two properties in my constructor, that too was too late. So, in the end, put that in a static block. Thanks for the hint.
– Sagar
Nov 10 at 14:34