Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

SSL Testing Tool

October 27, 2017
Siddhartha De
Related topics:
Java

Share:

    If you have a large number of servers, which are configured with SSL/TLS and you are out of track on their certificate validity, now all of sudden you are worried if some of the certificates are expired.

    Or if I think in some other scenario where you are required to understand underlying SSL/TLS configuration of your servers e.g. CipherSuits, Protocols, etc.

    Yes, in the traditional way, you can get all the information of your SSL/TLS configuration by login into an individual server and check the certificates but it is very difficult if your environment size is very high.

    To overcome this problem, I have to build a tool, which will give you all required details.

    Source Code:

    import java.io.FileInputStream;
    import java.math.BigInteger;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;
    import javax.security.cert.X509Certificate;
    
    /**
    *
    * @author sidd
    **/
    
    public class SSLFactory_Client {
        public static void main(String[] args){
           String hostname;
           Integer port;
           if(args.length!=2){
               hostname = "google.com";
               port = 443;
           }else{
               hostname = args[0];
               port = Integer.valueOf( args[1]);
           }
    
           SSLFactory_Client sclient = new SSLFactory_Client();
           SSLContext sslContext = sclient.createSSLContext();
           try {
               SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
               SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(hostname, port);
               sslSocket.startHandshake();
               SSLSession sslSession = (SSLSession) sslSocket.getSession();
                
               System.out.println("SSLSession :");
               System.out.println("\tSessionID: "+  new BigInteger(sslSession.getId()));
               System.out.println("\tProtocol : "+sslSession.getProtocol());
               System.out.println("\tCipher suite : "+sslSession.getCipherSuite());
               System.out.println("\tServer: "+sslSession.getPeerHost());
               System.out.println("\tSSL Port: "+sslSession.getPeerPort());
    
               System.out.println("\nSupported Protocol :");
               for(int i=0;i<sslSocket.getEnabledProtocols().length;i++){
                   System.out.println("\t"+sslSocket.getEnabledProtocols()[i]);
               }
    
               System.out.println("\nSupported CipherSuites: ");
               for(int j=0;j<sslSocket.getEnabledCipherSuites().length;j++){
                   System.out.println("\t"+sslSocket.getEnabledCipherSuites()[j]);
               }
    
               X509Certificate[] certs = (X509Certificate[]) sslSession.getPeerCertificateChain();
               System.out.println("\nCertificate Chain Info :");
               for (int i =0;i<certs.length;i++){
                   System.out.println("\tSubject DN :"+((X509Certificate) certs[i]).getSubjectDN());
                   System.out.println("\tIssuer DN  : "+((X509Certificate) certs[i]).getIssuerDN());
                   System.out.println("\tSerial No. : "+((X509Certificate) certs[i]).getSerialNumber());
                   System.out.println("\tExpires On : "+((X509Certificate) certs[i]).getNotAfter()+"\n");
              }   
           } catch (Exception ex) {
               ex.printStackTrace();
           }
        } 
    
        private SSLContext createSSLContext(){
           try{
               KeyStore keyStore = KeyStore.getInstance("JKS");
               keyStore.load(new FileInputStream("/opt/jdk1.8.0_102/jre/lib/security/cacerts"),"changeit".toCharArray());        
    
               // Create key manager
               KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
               keyManagerFactory.init(keyStore, "changeit".toCharArray());
               KeyManager[] km = keyManagerFactory.getKeyManagers();          
    
               // Create trust manager
               TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
               trustManagerFactory.init(keyStore);
               TrustManager[] tm = trustManagerFactory.getTrustManagers();
              
               // Initialize SSLContext
               SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
               sslContext.init(km,  tm, null);
               return sslContext; 
           } catch (Exception ex){
               ex.printStackTrace();
               return null;
           }
        }
    }

    Compile the code using javac (e.g. javac SSLFactory_Client .java).

    Now, you can execute the program, you need to pass the hostname and port during the execution (e.g java SSLFactory_Client “google.com” 443) and you will get the output something like below.

    Output:

    Note: This program can also be used for testing two-way SSL/TLS connection.

    Last updated: October 20, 2017

    Recent Posts

    • Container starting and termination order in a pod

    • More Essential AI tutorials for Node.js Developers

    • How to run a fraud detection AI model on RHEL CVMs

    • How we use software provenance at Red Hat

    • Alternatives to creating bootc images from scratch

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue