Discussion:
[Ikvm-developers] Problems with certificates form HTTPS connections
Volker Berlin
2017-02-07 10:55:48 UTC
Permalink
Hi Jeroen,

We have problems with HTTPS connections from a docker installation. The
certificate can't validate. For validating the Java VM use the root
certificates saved in <java.home>\lib\security\cacerts. In IKVM this is
a virtual file. We receive different files if we read it directly inside
IKVM on different systems.

That the core Questions:

* From where read IKVM the cacerts file?
* Any idea how we can fix this?

Volker


How we have read the file:

File cert = new File(java.lang.System.getProperty("java.home") +
File.separator + "lib" + File.separator + "security" + File.separator +
"cacerts");

FileInputStream input = new FileInputStream(cert);

FileOutputStream output = new FileOutputStream("c:\\temp\\cert_export.txt");

int data = input.read();

while(data != -1)

{

output.write(data);

data = input.read();

}

input.close();

output.close();
Jeroen Frijters
2017-02-07 12:42:21 UTC
Permalink
Hi Volker,

The trusted root certificates are read from the system via the .NET class X509Store (the code is in vfs.cs).

The problem with this approach is that Windows downloads the trusted root certificates on-demand and so the content of this store depends on what websites the user has visited. I didn't know this when I designed this mechanism, but I also don't want to be in the business of distributing trusted root certificates, so I don't really know how to solve this.

Regards,
Jeroen

From: Volker Berlin [mailto:***@inetsoftware.de]
Sent: Tuesday, February 7, 2017 11:56
To: IKVM List <ikvm-***@lists.sourceforge.net>
Subject: [Ikvm-developers] Problems with certificates form HTTPS connections


Hi Jeroen,

We have problems with HTTPS connections from a docker installation. The certificate can't validate. For validating the Java VM use the root certificates saved in <java.home>\lib\security\cacerts. In IKVM this is a virtual file. We receive different files if we read it directly inside IKVM on different systems.
That the core Questions:

* From where read IKVM the cacerts file?
* Any idea how we can fix this?

Volker


How we have read the file:

File cert = new File(java.lang.System.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts");
FileInputStream input = new FileInputStream(cert);
FileOutputStream output = new FileOutputStream("c:\\temp\\cert_export.txt");
int data = input.read();
while(data != -1)
{
output.write(data);
data = input.read();
}
input.close();
output.close();
Volker Berlin
2017-02-07 15:08:27 UTC
Permalink
Hi Jeroen,

Thanks, this help to solve it. With powershell we call the follow line
before run it and it work.
[System.Net.WebRequest]::Create("https://inetsoftware.de").GetResponse().Close()

Volker
Post by Jeroen Frijters
Hi Volker,
The trusted root certificates are read from the system via the .NET
class X509Store (the code is in vfs.cs).
The problem with this approach is that Windows downloads the trusted
root certificates on-demand and so the content of this store depends
on what websites the user has visited. I didn’t know this when I
designed this mechanism, but I also don’t want to be in the business
of distributing trusted root certificates, so I don’t really know how
to solve this.
Regards,
Jeroen
*Sent:* Tuesday, February 7, 2017 11:56
*Subject:* [Ikvm-developers] Problems with certificates form HTTPS
connections
Hi Jeroen,
We have problems with HTTPS connections from a docker installation.
The certificate can't validate. For validating the Java VM use the
root certificates saved in <java.home>\lib\security\cacerts. In IKVM
this is a virtual file. We receive different files if we read it
directly inside IKVM on different systems.
* From where read IKVM the cacerts file?
* Any idea how we can fix this?
Volker
File cert = new File(java.lang.System.getProperty("java.home") +
File.separator + "lib" + File.separator + "security" + File.separator
+ "cacerts");
FileInputStream input = new FileInputStream(cert);
FileOutputStream output = new
FileOutputStream("c:\\temp\\cert_export.txt");
int data = input.read();
while(data != -1)
{
output.write(data);
data = input.read();
}
input.close();
output.close();
Loading...