Hi Jax, You still need to load the keystore because that's where your server certificate is stored, which you still need to make an SSL connection.
If you don't want to do certificate validation, then you can create a self-signed certificate. That said, there are free ways to get verified server certificates (e.g. StartSSL), so you might also look into that. Jon ........ Jon Moore > On Jul 18, 2014, at 2:51 AM, jax <[email protected]> wrote: > > Hi All, > > I'm trying to implement a Https Asynchronous server. I am using the example > - Asynchronous HTTP server. > It is not a requirement that I implement certificate validation, I just need > to be able to accept files on port 443. > > Do I need to still provide the following code? > > ClassLoader cl = NHttpServer.class.getClassLoader(); > URL url = cl.getResource("my.keystore"); > if (url == null) { > System.out.println("Keystore not found"); > System.exit(1); > } > KeyStore keystore = KeyStore.getInstance("jks"); > keystore.load(url.openStream(), "secret".toCharArray()); > KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( > KeyManagerFactory.getDefaultAlgorithm()); > kmfactory.init(keystore, "secret".toCharArray()); > KeyManager[] keymanagers = kmfactory.getKeyManagers(); > > If I initialise my SSLContext without using the keymanagers, I am not able > to connect using curl. > > SSLContext sslcontext = SSLContext.getInstance("TLS"); > sslcontext.init(null, null, null); > connFactory = new SSLNHttpServerConnectionFactory(sslcontext, > null, ConnectionConfig.DEFAULT); > > > [root@localhost ~]# curl -v -i -k https://<ip>:443/getStatus > * About to connect() to <ip> port 443 (#0) > * Trying <ip>... connected > * Connected to <ip> (<ip>) port 443 (#0) > * Initializing NSS with certpath: sql:/etc/pki/nssdb > * warning: ignoring value of ssl.verifyhost > * NSS error -5938 > * Closing connection #0 > * SSL connect error > > What is the best way to do this? > > Thanks, Jax. > > > > -- > View this message in context: > http://httpcomponents.10934.n7.nabble.com/Https-server-tp23868.html > Sent from the HttpClient-User mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
