I made file id_rsa.pub, id_rsa.
Final String privatekey = "C:/Users/tj/.ssh/id_rsa";
through SFTPUtil, jsch library
I want to communicate on Ubuntu server with this function.
AddIdentity (privateKey)
This does not work and "with error message invalid privatekey" occurs.
How can I connect from Java to file server?
Related
Trying to make Postgres connection to CockroachDB with DataGrip but getting this error:
[08006] The SSLSocketFactory class provided
com.intellij.execution.rmi.ssl.SslSocketFactory could not be
instantiated. signed overrun, bytes = 919.
From the DataGrip connection interface:
URL:
jdbc:postgresql://localhost:26257/postgres
with port 26257 and with SSL enable
CA File
/cert/ca.key
Client Certificate File:
/certs/client.root.crt
Client key file:
/client.root.key
This setup above doesn't work with DataGrip, but the same certs works with the CLI:
cockroach cert create-client root --certs-dir=certs --ca-key=/ca.key
cockroach start --certs-dir=certs --store=node1 --listen-addr=localhost:26257 --http-addr=localhost:8080 --join=localhost:26257,localhost:26258,localhost:26259 --background
What could be wrong with the DataGrip configuration?
I think you need to generate the client cert and key in PKCS8 format for Java. This slightly older version of CockroachDB's Java hello world tutorial has guidance that might help: https://www.cockroachlabs.com/docs/v20.1/build-a-java-app-with-cockroachdb#step-3-generate-a-certificate-for-the-maxroach-user.
I have a customed device with iMx.6 microcontroller and embedded Linux. Also I have costumed Linux kernel according in hardware and rootFS built by buildroot. The device has a LVDS and touchscreen. I would like to have Midori browser in the device to browse various websites. the problem is when I run Midori with $midori -a www.google.com I got this error :
GLib-Net-WARNING **: couldn't load TLS file database: Failed to open file '/etc/pki/tls/certs/ca-bundle.crt': No such file or directory
Do you have any idea how can I solve the problem?
Midori cannot find the file containing the set of X.509 public key Certificates of the Certificate Authorities it should trust. Since it cannot find it, it does not trust any Public Key Certificate presented by the WEB sites it tries to connect to using TLS.
You would need to retrieve such a file, for example from the cURL project, cacert.pem, and install it in the /etc/pki/tls/certs directory - create it if it does not exist - under the name ca-bundle.crt.
This should solve your issue.
I am using Zabbix 4.0.
Trying to make a discovery rule for another remote linux server with SSH agent.
It asks for privatekey file and public key file. I understand it asks for privatekey file.
I put the private key file for remote server into the zabbix server .ssh director.
But why does zabbix also wants us to enter public key file. Privatekey file should be enough
to connect to remote server.
It is probably the public key of the server (aka hostkey), that is needed to verify that Zabbix is connecting to the legitimate server.
Remote server is an IBM i (7.1) with DB2 installed on it. I am trying to connect to this remote db2 database on IBM i machine via JDBC encrypted link using SSL from my windows machine, I am using jt400-6.7.jar.
I can see that SSL is correctly configured on IBM i machine as I see the following in Digital Certificate Manager :
Current Certificate Store
You have selected to work with the certificate store listed below. The left frame is being refreshed to show the task list for this certificate store. Select a task from the left frame to begin working with this certificate store.
Certificate type: Server or client
Certificate store: *SYSTEM
Certificate store path and filename:
/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB
I followed this link to set up SSL on my IBM i machine :
https://isupport.krengeltech.com/rxs/setting_up_ssl/
This is my JDBC program executed from my windows 10 machine:
import java.sql.*;
public class IBMiSSLConnect
{
public static void main(String[] args) throws Exception
{
try
{
Class.forName("com.ibm.as400.access.AS400JDBCDriver");
Connection con = DriverManager.getConnection("jdbc:as400://IBMiMachineIP:5021/DBNAME&secure=true", "USER", "PASSWORD");
}
catch(Exception e)
{
System.out.println(e.getMessage());
}
}
}
I get the following error :
[PWS0082] library(s) not added to the library list.
If however I replace url as below (adding system library):
Connection con = DriverManager.getConnection("jdbc:as400://IBMiMachineIP:5021/DBNAME;naming=system;libraries=QSYS;secure=true", "USER", "PASSWORD");
I get the following error instead :
The application requester cannot establish the connection. (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
I have two questions:
Q 1: Does one always needs to add naming and libraries in url for JDBC encryption using SSL ?
something like this:
dbc:as400://someserver;naming=system;libraries=devfiles,prodfiles,sysibm,etc
I am refering to this link :
How can I insert additional libraries to my jdbc/DB2 connection?
Q 2: Should I use secure or sslConnection as url parameter ?
that is:
a: jdbc:as400://IBMiMachineIP:5021/DBNAME&secure=true
or
b: jdbc:as400://IBMiMachineIP:5021/DBNAME&sslConnection=true
*Note: I have already made changes to SSL permissions for truststore files default.kdb and default.rdb as mentioned here :
https://isupport.krengeltech.com/rxs/configuring_ssl_permissions/
Q1. No, you do not need to add the naming and libraries properties when using SSL.
Q2. You shouldn't be using the :5021 as part of the URL. It is currently ignored, but may be used in the future. You should be using secure=true to get an SSL connection.
I suspect your problem is that the truststore used by the JVM on the client system does not have the certificate for your Certificate Authority (it looks like you are using a self signed certificate on the server). If you still have problems, turn on SSL trace on the client by using the following when starting java:
-Djavax.net.debug=ssl:handshake:verbose
Note, jt400.jar comes with a jdbcClient, so you can used that to test your connection. Here is an example of connecting using SSL. In this case, the cacerts is the trust store that contains a certificate for the CA that signed the server certificate.
java -Djavax.net.debug=ssl:handshake:verbose -Djavax.net.ssl.trustStore=cacerts -jar jt400.jar 'jdbc:as400:SYSTEM;secure=true' USERID PASSWORD
This will show the SSL negotiation that the JVM is doing.
what #jweberhard said in terms of question, use of library is not required
and ssl port is not 5021 is correct, thanks #jweberhard .However I realized
in my case particularly I was making one wrong assumption based on prior
knowledge .
I have done a similar SSL encrypted connection from windows machine to
remote machines with MySQL DB and Postgres DB and in both cases you see in
wireshark something like this:
1 source IP Dest IP TLSv1.2 220 Client Hello
2 Dest IP source IP TLSv1.2 1140 Server Hello, Certificate, Server Key Exchange, Server Hello Done
3 source IP Dest IP TLSv1.2 129 Client Key Exchange
4 source IP Dest IP TLSv1.2 60 Change Cipher Spec
5 source IP Dest IP TLSv1.2 99 Encrypted Handshake Message
I was looking for TLSv1.2 protocol usage in wireshark , but however I
realized that specially when you are working with DB2 database on IBM i you
would still see TCP protocol being used,
but the litmus test is if you see :
1: Port 9471 being used for SSL Connection in wireshark ( if it is not
secure you will see port 8471 being used instead).
Refer this link for port usage for IBM i :
https://www-03.ibm.com/systems/power/software/i/toolbox/faq/ports.html
and
2: QZDASSINIT job being created on your IBM i machine( Use green screen to
check your job by using WRKACTJOB command and check for this job , this job
is created for SSL connection to your DB2 database , else you would see
only QZDASONIT job which is for a non-secure connection.
I am trying to connect to a t3 url which I am told has a blank username and password but, I don't know how to pass an empty username and password in the connect() call. How can I do this?
When I do connect('', '', 't3://hostname:port'), WLST tries to connect to the given url using username 'weblogic' which I don't know where it is getting from?
--- UPDATE ---
Please ignore the above... See Sandra's comment.
The script I am trying to run is the one shown in WebLogic Server JMS WLST Script – Who is Connected To My Server. Although I have lightly modified it to pass username, password and url as arguments into the script...
I have saved the script to a file named: listJmsQueueConsumers.py and I run the script as follows:
$ source /opttest/bea/wlserver_10.3/server/bin/setWLSEnv.sh
$ java weblogic.WLST listJmsQueueConsumers.py "username" "password" "t3://ip-address:port" where, the username, password and url are the admin's username, password and url pointing to weblogic server's administrator port.
Now, when I run the script, I get the following error:
Caused by: java.net.ConnectException: t3://ip-address:port: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination
I have also tries running the script with the same url but using protocol t3s and, when I run the script using t3s, I get:
Caused by: java.net.ConnectException: t3s://ip-address:port: Destination unreachable; nested exception is:
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from bc2-06-v1.compass.cnsonline.net - ip-address was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.; No available router to destination
I am pretty sure the ip address and port I use are the server's ip address and administrator port but I am not sure what the errors actually mean. Do I need some sort of SSL certificate to connect via t3s protocol?
You will need import the certificate from the WebLogic server to the local keystore being used by your local Java client JVM. I use a tool called KeyStore Explorer (http://keystore-explorer.sourceforge.net/) to do this. Other good options are listed here How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?