

Tagged: ssl


Jetty 9: Enabling SSL in Embedded Jetty

First create an HttpConfiguration for plain HTTP that declares the secure scheme and port:

HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(8443);

Then we’ll create another HttpConfiguration for HTTPS that extends the one above and adds a SecureRequestCustomizer:

HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());          

Next create an SslContextFactory that points to your Java keystore:

SslContextFactory sslContextFactory = new SslContextFactory("/its_dir/cert.keystore");
sslContextFactory.setKeyStorePassword("password");

Note you can prefix the password with OBF: if you’re going to use the Jetty obfuscated password.

Next we create the ServerConnector, passing in the Server instance, an SslConnectionFactory and an HttpConnectionFactory:

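// The Jetty Server the connector is attached to (reuse your own instance if you already have one)
Server server = new Server();

ServerConnector httpsConnector = new ServerConnector(server,
       new SslConnectionFactory(sslContextFactory, "http/1.1"),
       new HttpConnectionFactory(https_config));
httpsConnector.setPort(8443);           // must match setSecurePort() above
httpsConnector.setIdleTimeout(50000);   // milliseconds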

Finally, add this connector to the Server, perhaps alongside a normal HTTP ServerConnector:

server.setConnectors(new Connector[]{ httpsConnector });

Android: Trust all SSL certificates in Volley

This goes for more than just Volley, but a quick and easy way to accept all certificates is:

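// Imports belong at the top of the enclosing file.
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import android.util.Log;

// Nested class (hence "static"), e.g. inside your Application class.
public static class NukeSSLCerts {
    protected static final String TAG = "NukeSSLCerts";

    public static void nuke() {
        try {
            // Trust manager that accepts every certificate chain without checking it.
            TrustManager[] trustAllCerts = new TrustManager[] {
                new X509TrustManager() {
                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        X509Certificate[] myTrustedAnchors = new X509Certificate[0];
                        return myTrustedAnchors;
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] certs, String authType) {}

                    @Override
                    public void checkServerTrusted(X509Certificate[] certs, String authType) {}
                }
            };

            // Install it as the process-wide default for HttpsURLConnection.
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            // Accept any hostname, whatever the certificate says.
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String arg0, SSLSession arg1) {
                    return true;
                }
            });
        } catch (Exception e) {
            // Do not swallow the failure silently.
            Log.e(TAG, "Could not install the trust-all SSL context", e);
        }
    }
}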

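You can run this in your Application class’s onCreate() and Volley will no longer complain about not trusting the certificate.

This is obviously very dangerous and should only be used during testing: it switches off certificate and hostname validation for every HttpsURLConnection in the process, not just the requests to your test server.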

Credits go to: http://engineering.sproutsocial.com/2013/09/android-using-volley-and-loopj-with-self-signed-certificates/
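If the goal is only to reach a test server with a self-signed certificate, the added example below (not from the original post or the credited article) trusts just the certificate you supply and leaves hostname verification enabled. The names PinnedCertTrust, socketFactoryFor and the "test-server-" alias are illustrative assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: builds a socket factory whose only trust anchors are
// the certificates read from the given stream (PEM or DER encoded).
public final class PinnedCertTrust {
    private PinnedCertTrust() {}

    public static SSLSocketFactory socketFactoryFor(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // Start from an empty in-memory keystore so the system CAs are NOT trusted here.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        int count = 0;
        for (Certificate cert : cf.generateCertificates(certStream)) {
            trustStore.setCertificateEntry("test-server-" + count, cert);
            count++;
        }
        if (count == 0) {
            // Fail closed: an empty trust store must never be used by accident.
            throw new IllegalArgumentException("no certificate found in stream");
        }

        // The platform's standard trust manager does the real chain validation,
        // restricted to the anchors loaded above.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
}
```

With Volley, pass the returned factory to `new HurlStack(null, factory)` when creating the request queue, so only that queue uses the pinned certificate. Because the default hostname verifier stays in place, the certificate must name the host you connect to.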


Apache: Redirect HTTP traffic to HTTPS

If you want all the HTTP traffic to be rerouted through HTTPS, you need to specify a mod_rewrite rule:

<VirtualHost *:80>
  ServerName  example.com
  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>

This is saying take all traffic going to port 80 that’s not on port 443 (yeah…) and rewrite it to an https:// URL, ignoring case (NC), answering with a 301 Moved Permanently redirect (R=301) and stopping further rule processing (L).

Now specify the vhost entry for HTTPS:

<VirtualHost *:443>
  ServerName  example.com

  SSLEngine on

  SSLCertificateFile your_cert.pem
  SSLCertificateKeyFile your_private.key

  ...
</VirtualHost>

The above is a normal SSL vhost entry, specifying the certificate and private key for your HTTPS site.
