
Torsten Curdt’s weblog

Client cert authentication with java

Connecting to an https URL is easy in Java. Just create a URL object and you are ready to go. If you need to provide a client certificate it gets a little more complicated to get right. Basically you have to create a properly set up SSLSocketFactory to establish an authenticated connection. You have to load your PKCS12 certificate (private key plus certificate chain) into a KeyStore and hand that store to the SSLContext via a KeyManagerFactory.

private SSLSocketFactory getFactory( File pKeyFile, String pKeyPassword ) throws GeneralSecurityException, IOException {
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
  KeyStore keyStore = KeyStore.getInstance("PKCS12");

  // load the client key and certificate chain from the PKCS12 file
  InputStream keyInput = new FileInputStream(pKeyFile);
  try {
    keyStore.load(keyInput, pKeyPassword.toCharArray());
  } finally {
    keyInput.close();
  }

  // the key manager selects the client certificate during the handshake
  keyManagerFactory.init(keyStore, pKeyPassword.toCharArray());

  // null trust managers = JVM default trust store (cacerts)
  SSLContext context = SSLContext.getInstance("TLS");
  context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());

  return context.getSocketFactory();
}

URL url = new URL("https://someurl");
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.setSSLSocketFactory(getFactory(new File("file.p12"), "secret"));

If the client certificate was issued by your private CA you also need to make sure the full certificate chain is in your JVM's trust store (the cacerts file).

STORE=/path/to/JRE/cacerts
sudo keytool -import -trustcacerts \
  -keystore $STORE \
  -storepass changeit \
  -noprompt \
  -file myca.pem \
  -alias myca
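An added example, not code from the original post, that does the same thing with the trust side handled in-process: it loads the PKCS12 client identity as above, but builds the trust store directly from myca.pem instead of importing the CA into the JRE's cacerts with sudo, so a bad import cannot affect every other Java program on the box. The file names, the environment variable and the URL are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.*;

public class ClientCertExample {

    /** Socket factory that presents the PKCS12 client cert and trusts only the CA chain in caPem. */
    static SSLSocketFactory factory(File p12, char[] p12Password, File caPem)
            throws GeneralSecurityException, IOException {
        // Client identity: the PKCS12 file holds the private key plus its certificate chain.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12.toPath())) {
            identity.load(in, p12Password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, p12Password);

        // Server trust: an empty in-memory store filled with every certificate in the PEM
        // file (root plus intermediates), leaving the global cacerts file untouched.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(caPem.toPath())) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                trust.setCertificateEntry("myca-" + i++, c);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Assumed: the PKCS12 password comes from the environment, not from source code.
        char[] p12Pass = System.getenv("CLIENT_P12_PASSWORD").toCharArray();
        HttpsURLConnection con = (HttpsURLConnection) new URL("https://someurl").openConnection();
        con.setSSLSocketFactory(factory(new File("file.p12"), p12Pass, new File("myca.pem")));
        // Hostname verification stays at the HttpsURLConnection default; do not replace it.
        System.out.println("HTTP " + con.getResponseCode());
    }
}
```

If the server's certificate is not issued by the same private CA, put the server's CA chain in the PEM file instead; the trust store only decides which server certificates are accepted, not which client certificate is sent.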

Finally – it’s the Canon 30D

It was a long back and forth …but in the end the Canon 30D turns out to be my camera of choice. The Nikon D200 was very tempting but in the end it all comes down to how you prioritize the different aspects of the cameras. I absolutely do not want to take part in this stupid Canon vs Nikon “war”. Both are excellent cameras but somehow the 30D seemed like the way to go – for me. I love shooting in low light conditions and Ken Rockwell’s comparison really helped me to decide – because I absolutely disagree with his conclusion. I do prefer the Canon pictures at high ISOs. In general the colors of the 30D seem to be a bit more vivid and the available lenses for the Canon are a better fit. Canon also seems to be a bit more committed to going full frame in the future, which would be fantastic. Just in time before I left for Austin my 50mm/1.4 lens arrived and I have to say it feels good to have a proper SLR again. So I am happy shooting away here at the ApacheCon.

ApacheCon US – Austin there we are

I hopped on the plane in Frankfurt and a few hours later met Andrew in Dallas for the flight to Austin. Now at the Hilton. Hope to see you around!!

From server to server

Did you ever have to ssh into a gateway host to then ssh into the machine you really wanted to log into? Well, you could set up a tunnel …but that’s just way too complicated for this little task. Just do a

ssh -tt me@gateway ssh -tt host

Especially when you have set up pubkey authentication this works like a charm.

No getting together for me

It’s really sad I could not make it to this year’s Cocoon GetTogether in Amsterdam. Although I am back from Australia (and by that almost around the corner) I have just been too busy traveling lately and with the upcoming ApacheCon I needed a few days with my friends and family. Being back I still haven’t seen them all that much at all.

Well, you guys have fun in Amsterdam …hope to catch a few people at ApacheCon next week.