Forum Discussion

Jeffro21_47444's avatar
Jeffro21_47444
Icon for Nimbostratus rankNimbostratus
Aug 03, 2012

Self Signed SSL Certs without a keystore

I am trying to use the iControl API's with the IBM JRE and hoping to be able to use the API's with a self signed ssl cert and without storing the certificate in the keystore.

 

 

I am trying to do the following and get the exception below.

 

 

 

privatestaticvoid loginToF5() {

 

Security.addProvider(new XTrustProvider());

 

XTrustProvider.install();

 

if (getJVMVendor().startsWith("IBM")) {

 

Security.setProperty("ssl.ServerSocketFactory.provider", "org.apache.axis.components.net.IBMFakeTrustSocketFactory");

 

}

 

boolean login = interfaces.initialize(hostname, username, password);

 

if (!login) {

 

System.out.println("Unable to login to f5, " + hostname + ", with supplied username and password");

 

System.exit(-1);

 

}

 

}

 

 

 

 

Caused by: java.lang.Exception: Truststore file does not exist: /root/.keystore

 

at com.ibm.jsse2.uc.a(uc.java:91)

 

at com.ibm.jsse2.lc.f(lc.java:12)

 

at com.ibm.jsse2.lc.(lc.java:16)

 

at java.lang.J9VMInternals.newInstanceImpl(Native Method)

 

at java.lang.Class.newInstance(Class.java:1345)

 

at java.security.Provider$Service.newInstance(Provider.java:880)

 

 

 

I can get around that issue with adding the following, but I get the following exception, any thoughts or ideas?

 

 

 

 

System.setProperty(

 

"org.apache.axis.components.net.SecureSocketFactory",

 

"org.apache.axis.components.net.IBMFakeTrustSocketFactory");

 

 

 

 

Exception in thread "main" java.lang.NoClassDefFoundError: com.ibm.net.ssl.SSLContext

 

at org.apache.axis.components.net.IBMFakeTrustSocketFactory.getContext(IBMFakeTrustSocketFactory.java:55)

 

 

 

In doing some research it looks like that class was renamed to javax.net.ssl.SSLContext.

 

Do I need to rebuild something to get this to work?

 

 

  • I was going off of the advice of both of these posts.

     

     

    https://devcentral.f5.com/weblogs/joe/archive/2005/03/25/392.aspx

     

     

    https://devcentral.f5.com/weblogs/joe/archive/2005/07/06/1345.aspx