Java – Analyze SSL certificate programmatically or via commandline

c++javaobjective-cssl

I'ld like to analyze the certificate of a given url and get some details of it. Do you know any ways to do this? A command-line tool can be something like downloadSSLCert https://my.funny.url/ > certFile and then analyzing it for e.g. the fingerprint of the cert. It can be a command line utility, a C/C++/Objective-C or Java code and will be used on osx >= 10.5

Best Solution

You can make an SSL connection from the command line thus:

echo '' | openssl s_client -connect www.google.com:443

The output will contain the X.509 cert in base64 encoding.

To view further details,

... | openssl x509 -fingerprint -text

If you only want the fingerprint, omit the "-text" flag and add "-out /dev/null".

Related Solutions

Java – How to deal with “java.lang.OutOfMemoryError: Java heap space” error

Ultimately you always have a finite max of heap to use no matter what platform you are running on. In Windows 32 bit this is around 2GB (not specifically heap but total amount of memory per process). It just happens that Java chooses to make the default smaller (presumably so that the programmer can't create programs that have runaway memory allocation without running into this problem and having to examine exactly what they are doing).

So this given there are several approaches you could take to either determine what amount of memory you need or to reduce the amount of memory you are using. One common mistake with garbage collected languages such as Java or C# is to keep around references to objects that you no longer are using, or allocating many objects when you could reuse them instead. As long as objects have a reference to them they will continue to use heap space as the garbage collector will not delete them.

In this case you can use a Java memory profiler to determine what methods in your program are allocating large number of objects and then determine if there is a way to make sure they are no longer referenced, or to not allocate them in the first place. One option which I have used in the past is "JMP" http://www.khelekore.org/jmp/.

If you determine that you are allocating these objects for a reason and you need to keep around references (depending on what you are doing this might be the case), you will just need to increase the max heap size when you start the program. However, once you do the memory profiling and understand how your objects are getting allocated you should have a better idea about how much memory you need.

In general if you can't guarantee that your program will run in some finite amount of memory (perhaps depending on input size) you will always run into this problem. Only after exhausting all of this will you need to look into caching objects out to disk etc. At this point you should have a very good reason to say "I need Xgb of memory" for something and you can't work around it by improving your algorithms or memory allocation patterns. Generally this will only usually be the case for algorithms operating on large datasets (like a database or some scientific analysis program) and then techniques like caching and memory mapped IO become useful.

Java – How to import a .cer certificate into a java keystore

If you want to authenticate you need the private key - there is no other option.
A certificate is a public key with extra properties (like company name, country,...) that is signed by some Certificate authority that guarantees that the attached properties are true.
.CER files are certificates and don't have the private key. The private key is provided with a .PFX keystore file normally. If you really authenticate is because you already had imported the private key.

You normally can import .CER certificates without any problems with

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"

Best Solution

Related Solutions

Java – How to deal with “java.lang.OutOfMemoryError: Java heap space” error

Java – How to import a .cer certificate into a java keystore

Related Question