Contents
SSLPoke tests against the truststore to determine if it contains the right certificates. It will let you connect to a SSL service, send a byte of input, and prints the response. The tool should be simple enough to use, however, over the years there have been modifications made to it that effected it’s ability to simply work. In some cases, no modifications had been made and only worked with Java 6. That said, using several resources, many listed below, I have made my own modifications.
SSLPoke.java
This SSLPoke has been compiled on a Linux CentOS 6 distribution using Java JDK 8 build 74. Among some minor modifications, there is the addition of a usage dialog so that I would have quicker access to help rather than sift through my notes.
import java.io.*;
import javax.net.ssl.*;
public class SSLPoke
{
public static void main(String args[])
{
if(args.length != 2)
{
System.err.println("");
System.err.println("#################################################################");
System.err.println("# SSLPoke (Compiled March 15, 2016 using Java JDK 1.8.0_74-b02) #");
System.err.println("# Utility to debug Java connections to SSL servers #");
System.err.println("#################################################################");
System.err.println("");
System.err.println("Usage: java SSLPoke <host> <port>");
System.err.println("");
System.err.println("Debug: java -Djavax.net.debug=ssl SSLPoke <host> <port>");
System.err.println("");
System.err.println("Examples");
System.err.println(" java SSLPoke localhost 443");
System.err.println(" java SSLPoke www.google.com 443");
System.err.println(" java -Djavax.net.ssl.trustStore=/opt/app/jdk1.7.0_60/jre/lib/security/cacerts SSLPoke localhost 443");
System.err.println(" java -Djavax.net.ssl.trustStore=/usr/java/jre1.6.0_37/lib/security/cacerts -Djavax.net.debug=all SSLPoke localhost 443");
System.exit(1);
}
try
{
SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket)sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));
InputStream inputstream = sslsocket.getInputStream();
OutputStream outputstream = sslsocket.getOutputStream();
outputstream.write(1);
for(; inputstream.available() > 0; System.out.print(inputstream.read()));
System.out.println("Successfully connected");
System.exit(0);
}
catch (Exception exception)
{
String message = exception.getClass().getName();
if (message != null && message.length() > 0)
{
message += " : " + exception.getMessage();
}
System.err.println("FAILURE: " + message);
}
System.exit(1);
}
}
SSLPoke.class
Since I am no expert with Java or Java programming, I did manage to find the few commands that compile this script into a .class file.
javac SSLPoke.java
manifest.mf
The manifest. If you want to take it farther and compile into a .jar file, a manifest is needed. Again, no expert in this arena and this isn’t likely laid out as most programmers may lay this out. This worked for me. I created a directory within the directory containing the .class file called META-INF. Within that directory, a file called, manifest.mf. Using vim META-INF/manifest.mf.
Manifest-version: 1.0
Main-Class: SSLPoke
SSLPoke.jar
To compile into a .jar.
jar cvfm SSLPoke.jar META-INF/manifest.mf SSLPoke.class
Execution
To run this tool, here are a couple of simplistic methods.
java SSLPoke
java -jar SSLPoke.ja
Examples
[root@test ]# java SSLPoke it.megocollector.com 443
Successfully connected
[root@test ]# java SSLPoke something.nonexistant.com 443
FAILURE: java.net.UnknownHostException : something.nonexistant.com
Note: That the error will also occur with self-signed certificates that have not been imported into the Java cacerts file.
Download
Contains the SSLPoke.class, SSLPoke.jar, SSLPoke.java, and META-INF/, META-INF/manifest.mf files described in this article.
SSLPoke.zip (4.4 KiB, 199 hits)
Source(s)
- https://gist.github.com/4ndrej/4547029
- http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
- https://confluence.atlassian.com/download/attachments/117455/SSLPoke.java
- https://celoxis.atlassian.net/wiki/display/DOC90/Debugging+SSL+issues+with+your+SMTP,+POP3,+IMAP+or+LDAP+servers
- https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html