Tuesday, August 4, 2009

SSL on Tomcat, JBoss and command line client (continued)

I finished my previous post with the ending lines as So if you had used domain name in the cert CN, then use domain name or if it is machine name then use the machine name ; and if you don't do so you shall see error messages similiar to HTTPS hostname wrong: should be <personal-pc> where you had given your ip or localhost as the CN name while creating the keystore whereas referring the machine by its name (personal-pc in this case). If you go by the rules mentioned in previous post, it shall work i.e. using the same name in the URL to refer the machine you used as CN. What if you still want to be able to work with the different name (not the one similiar to the CN) or you want to use the IP in the URL when accessing the site? Well there is also a provision for this. You can write your own code to decide what needs to be done in such a situation by implementing the HostnameVerifier interface.
URL url = new URL("https://personal-PC:8443/SampleWebApp/HelloWorld");
URLConnection connection = url.openConnection();

if (connection instanceof HttpsURLConnection) {
    ((HttpsURLConnection) connection).setHostnameVerifier(new HostnameVerifier() {

        public boolean verify(String hostname, SSLSession session) {
           //TODO: Logic controlling the verfication.
           return true;

BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
//Rest of the IO code.
In the code above, I am just returning true for what ever comes in as host name, you shall write your logic here to handle the situation the way you like. With the above code in place, you will be able to use all valid names to refer your machine in the URL including computer name and localhost/ (only for testing purposes).

No comments:

Post a Comment