J2ME and https connection

When I try to establish an https connection to my local web server with a homemade certificate, I get this response:

javax.microedition.pki.CertificateException: Certificate was issued by an unrecognized entity


How do I solve this?

Please give me detailed instructions.
Asked by: daggodt

objects commented:
Add the public key of the server's CA using the MEKeyTool.

http://java.sun.com/j2me/docs/html/docs/Running.html

daggodt (Author) commented:
OK, but when I want to load the MIDlet suite into my mobile phone, I normally just copy the jar file into the phone. If I get it right, the MEKeyTool alters the jad file, but not the jar file?

How do I install the jad file to the mobile phone?

aozarov commented:
For one, you can use a standard CA (like VeriSign) which provides a demo certificate for free.
Otherwise you can try using the JadTool to add your self-signed certificate to your jad file (never done it myself),
e.g.:
*** Adding certificate to JAD file...
C:\java\j2sdk1.4.2_02\bin\java -jar C:\java\WTK21\bin\JadTool.jar -addcert -alias duke -storepass dukekeystorepasswd -inputjad SMSDemo.jad -outputjad SMSDemo.jad
*** Adding certificate to JAD file succeeded...

*** Adding JAR's digital signature to JAD file...
C:\java\j2sdk1.4.2_02\bin\java -jar C:\java\WTK21\bin\JadTool.jar -addjarsig -jarfile SMSDemo.jar -alias duke -storepass dukekeystorepasswd -keypass dukekeypasswd -inputjad SMSDemo.jad -outputjad SMSDemo.jad
*** Adding  JAR's digital signature to JAD file succeeded...

For more info about it see: http://eclipseme.org/docs/refSigning.html (Signing the MIDlet suite as the final step in deploying it)

daggodt (Author) commented:
What you say is that when I execute the *** Adding certificate to JAD file... - command, the J2ME application will automatically accept the web server's certificate which is used when I open an https connection in my application?

If that is the case, I can not see where my webserver's certificate is added to the jad file at any point...

Could you please explain it to me, or lead me onto the right track?

I will try to explain my case again:

My application will make an https connection to a web server. Now, when it does, I get a CertificateException, because the web server's certificate is signed by a non-valid CA. Can I somehow make the application/phone accept this certificate, and not throw an exception?

If anyone solves this case, I'll donate you 500 extra points!

Thank you, and please reply!

aozarov commented:
JadTool.jar -addcert should add the certificate[s] to your jad file (see http://asdf.hu/j2me_midp_2.0fcs/use/appx-jadtool.html for more info including how to list the inserted certificate[s])
For enabling your device to add a CA as part of its known/authorized root CA list you should consult the device manual (I think it is device dependent).
To test your application you can use the demo CA provided by VeriSign https://www.verisign.com/products-services/security-services/ssl/buy-ssl-certificates/free-trial/index.html

daggodt (Author) commented:
OK, which certificate should I sign the jad file with? My private certificate or my own root certificate which I sign my private certificate with?

PS. aozarov: Have you tried this? I could really use a guarantee/indication that this works, so that I can put more effort into this.

I appreciate your help!

aozarov commented:
>> My private certificate or my own root certificate which I sign my private certificate with?
You need to add a certificate for your public key that was done by a known CA (like VeriSign).
After creating your key pair you need to create a CSR; see http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#certreqCmd and
http://www.networking4all.com/en/support/ssl+certificates/generating+a+certificate+signing+request+(csr)/java/java+based+web+servers
Then you send that CSR to any known CA. After you get the certificate from that CA you can import it to your keystore.
You use that imported certificate when using the JadTool.

>> PS. aozarov: Have you tried this?
No, I did not do it in the J2ME world but I did do it for https connections made by web browsers.
I can't guarantee that it will work (sorry), but I can't see why it shouldn't work as long as you provide a public key signed by a CA that is known to your device.

objects commented:
> After you get the certificate from that CA you can import it to your keystore.

Already mentioned that earlier, though I thought you said that the jar needed to be signed with the cert?
Can you explain a bit more about what's involved in that process?

aozarov commented:
>> Already mentioned that earlier
Where did you mention it? By providing a link? I thought that link talks about setting your simulator environment.

>> though I thought you said that the jar needed to be signed with the cert?
Where did I say that?

In any case,
once you get the certificate back you can apply the two steps as described in: http://eclipseme.org/docs/refSigning.html#sign (see my first comment).

objects commented:
> I thought that link talks about setting your simulator environment.

No it talks about adding the public key (as I stated in the comment).

aozarov commented:
>No it talks about adding the public key (as I stated in the comment).
That link talks about setting your simulator environment which doesn't help for J2ME applications that run outside of it.
For that you need to modify the jad itself, as I suggested, instead of modifying the simulator environment.

daggodt (Author) commented:
So what you say is that I have to purchase a digital certificate from Verisign, Thawte e.g.? Can I not use my unsigned certificate?

aozarov commented:
> So what you say is that I have to purchase a digital certificate from Verisign, Thawte e.g.? Can I not use my unsigned certificate?
That is right, unless your device has a way to accept/import new certificates (worth checking that out with your device vendor).

objects commented:
> So what you say is that I have to purchase a digital certificate from Verisign, Thawte e.g.?

As mentioned in the link I posted :)

"HTTPS relies on the public keys of certificate authorities to authenticate web sites. Only sites that present a server certificate signed by a trusted certificate authority (CA) can be accessed. Connections to other web sites, including test sites set up with self-signed certificates, will fail with a HTTPS certificate error."

aozarov commented:
The above is a generic HTTPS statement.
Your provided link is not relevant as it talks about a simulator environment.
One line after the sentence you just quoted it says "One can add new CAs to this file using the MEKeyTool as illustrated in section "Using the MEKeyTool"." which is not applicable in this case.

objects commented:
You're contradicting yourself a little there :)  

aozarov commented:
Explain.

aozarov commented:
The "not applicable in this case" refers to the "simulator environment".

objects commented:
My comments are posted here for daggodt and really have nothing to do with you to be honest, not sure why you find it necessary to repeatedly comment on them.
Would you prefer if I didn't try and help, is that what you want ???

aozarov commented:
>> Would you prefer if I didn't try and help, is that what you want ???
No I don't. I do think you are doing a good service to the community.
But I do answer comments that refer to me directly or indirectly, or when I feel an injustice was done regarding my answer.

objects commented:
Sorry, but the only way my comments could be considered directed towards you would be that they are agreeing with what you have said, so I'm not sure I understand your persistent need to comment.
Just leave the commenting to daggodt, people get answers a lot quicker that way :)
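
Added example (not code from any poster in this thread): a MIDP 2.0 helper that reports why the device rejected the server certificate, so an untrusted issuer such as the homemade CA in the question can be told apart from expiry or a host name mismatch, with validation left fully enabled. The class name, method names and the URL passed in are hypothetical.

```java
import java.io.IOException;
import javax.microedition.io.Connector;
import javax.microedition.io.HttpsConnection;
import javax.microedition.pki.Certificate;
import javax.microedition.pki.CertificateException;

/** Hypothetical helper: diagnoses a rejected HTTPS server certificate. */
public class HttpsTrustCheck {

    /** Opens the URL (e.g. a placeholder such as https://server.example/) and returns a diagnosis. */
    public static String check(String url) {
        HttpsConnection conn = null;
        try {
            conn = (HttpsConnection) Connector.open(url);
            // getSecurityInfo() forces the handshake and the certificate validation.
            Certificate cert = conn.getSecurityInfo().getServerCertificate();
            return "Trusted. Subject: " + cert.getSubject()
                    + ", issuer: " + cert.getIssuer();
        } catch (CertificateException e) { // subclass of IOException, so caught first
            return describe(e);
        } catch (IOException e) {
            return "Connection failed without a certificate verdict: " + e.getMessage();
        } finally {
            if (conn != null) {
                try { conn.close(); } catch (IOException ignored) { }
            }
        }
    }

    /** Maps the MIDP reason code to the action a developer has to take. */
    static String describe(CertificateException e) {
        Certificate cert = e.getCertificate(); // may be null
        String issuer = (cert == null) ? "unknown" : cert.getIssuer();
        switch (e.getReason()) {
            case CertificateException.UNRECOGNIZED_ISSUER:
                return "Issuer is not in the device's trusted CA list: " + issuer;
            case CertificateException.EXPIRED:
            case CertificateException.NOT_YET_VALID:
                return "Validity period problem; check the certificate dates and the device clock";
            case CertificateException.SITENAME_MISMATCH:
                return "Certificate subject does not match the host name in the URL";
            default:
                return "Rejected, reason code " + e.getReason() + ": " + e.getMessage();
        }
    }
}
```

The issuer string it reports is the CA that has to be present in the device's (or emulator's) trusted root list for the connection to succeed.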