From [Java™ Secure Socket Extension (JSSE) Reference Guide][1], `TrustManagerFactory` uses the following steps to try to find trust material:

 1. system property `javax.net.ssl.trustStore`
 2. `java-home/lib/security/jssecacerts`
 3. `java-home/lib/security/cacerts` (shipped by default)

I think this is based on convention over configuration concept. Without extra coding effort, `cacert` will be used. For extra private CA/Signing certs, a developer either can use first or second way, where former may just contain a particular cert but later contains a list of certs.

  [1]: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager

As I understand it, the `cacerts` file is the shipped default one.

If there is a `jssecacerts` file it is used exclusively - not in addition to the `cacerts` file.

My recommendation: keep the `cacerts` file, copy to `jssecacerts` and add any private CA/Signing certs needed to the `jssecacerts` file.

Good question. I think it arises from the historical fact that JSSE was once an add-on. JSSE does allow multiple providers, so maybe `jssecacerts` is only for the JSSE provider, and other providers might use their own.

But who used cacerts prior to JSSE is another question.

The question is short and simple: Is there a way to get the Method object from an apsectj  ProceedingJoinPoint?

Currently I am doing 

    Class[] parameterTypes = new Class[joinPoint.getArgs().length];
    Object[] args = joinPoint.getArgs();
    for(int i=0; i&lt;args.length; i++) {
    	if(args[i] != null) {
    		parameterTypes[i] = args[i].getClass();
    	}
    	else {
        	parameterTypes[i] = null;
    	}
    }
    		
    String methodName = joinPoint.getSignature().getName();
    Method method = joinPoint.getSignature()
        .getDeclaringType().getMethod(methodName, parameterTypes);

but I don&#39;t think this is the way to go ... 

Getting the java.lang.reflect.Method from a ProceedingJoinPoint?

I am trying to attach &#39;click&#39; events to all elements of a particular class. The problem is some of the elements are on a tab that is hidden (display: none) at the time that the event is bound. (.bind()). It seems that when these elements are shown the events are no longer bound.

    $(&#39;a.someClass&#39;).bind(&#39;click&#39;, function(){
      alert(&quot;test&quot;);
    });

The hidden elements do not appear to have a click event bound. If I select the hidden elements:

    $(&#39;a.someClass:hidden&#39;).bind(&#39;click&#39;, function(){
      alert(&quot;test&quot;);
    });

It seems the click event is not bound when these elements are no longer hidden. Has anyone experienced this? Is there a way to bind and event to elements irregardless of their display property?

Thanks


jQuery - How do I bind events to hidden elements that will be shown later?

I&#39;m seriously confused on the differences between `cacerts` and `jssecacerts` files.

I know that by default java looks for the `jssecacerts` file and then the `cacerts` file.

But what is the point of the `jssecacerts` file?

My understanding is that if a new truststore needs to be used then a copy of `cacerts` should be made and all new trusted CAs should be added to that copy. The copy of `cacerts` (with the new CAs) should then be referenced by the `-Djavax.net.ssl.trustStore` system property.  That way other java applications that run on that machine won&#39;t accidently trust non-default CAs.

Why does java have both the cacerts and jssecacerts files?

I'm seriously confused on the differences between <code>cacerts</code> and <code>jssecacerts</code> files.
I know that by default java looks for the <code>jssecacerts</code> file and then the <code>cacerts</code> file.
But what is the point of the <code>jssecacerts</code> file?
My understanding is that if a new truststore needs to be used then a copy of <code>cacerts</code> should be made and all new trusted CAs should be added to that copy. The copy of <code>cacerts</code> (with the new CAs) should then be referenced by the <code>-Djavax.net.ssl.trustStore</code> system property. That way other java applications that run on that machine won't accidently trust non-default CAs.

Is there an elegant way to skip the first iteration in a Java5 foreach loop ?

Example pseudo-code:

    for ( Car car : cars ) {     
       //skip if first, do work for rest
       .
       .
    }

java foreach skip first iteration

This is what I did to round a double to 2 decimal places:

    amount = roundTwoDecimals(amount);

    public double roundTwoDecimals(double d) {
        DecimalFormat twoDForm = new DecimalFormat(&quot;#.##&quot;);
		return Double.valueOf(twoDForm.format(d));
    }

This works great if the amount = 25.3569 or something like that, but if the amount = 25.00 or the amount = 25.0, then I get 25.0!  What I want is both rounding as well as formatting to 2 decimal places. 

How do I round a double to two decimal places in Java?

I am trying to use this GUI mod for a Minecraft Server. I wrote a batch file so the server can start with more RAM. When I run just the .jar file, no command window opens and it runs just fine (of course with about 256mb ram) I was reading online that javaw starts a jar file without a command-line-console. But when I use javaw, the command console opens, but when I close it the program remains open. this is my batch file:

    @echo off 
    &quot;%ProgramFiles(x86)%\Java\jre6\bin\javaw.exe&quot; -jar -Xms1024m -Xmx1024m crafty.jar 
    @echo on

I don&#39;t understand java as well as most, so please try to be as clear as possible. Thanks


Start a java program without the console

I&#39;m using the runtime to run command prompt commands from my Java program. However, I&#39;m not aware of how I can get the output the command returns.

Here is my code:

    Runtime rt = Runtime.getRuntime();

    String[] commands = {&quot;system.exe&quot;, &quot;-send&quot; , argument};

    Process proc = rt.exec(commands);

I tried doing `System.out.println(proc);` but that did not return anything. The execution of that command should return two numbers separated by a semicolon. How could I get this in a variable to print out?

Here is the code I&#39;m using now:

    String[] commands = {&quot;system.exe&quot;, &quot;-get t&quot;};
    
    Process proc = rt.exec(commands);
    
    InputStream stdIn = proc.getInputStream();
    InputStreamReader isr = new InputStreamReader(stdIn);
    BufferedReader br = new BufferedReader(isr);

    String line = null;
    System.out.println(&quot;&lt;OUTPUT&gt;&quot;);
    
    while ((line = br.readLine()) != null)
         System.out.println(line);

    System.out.println(&quot;&lt;/OUTPUT&gt;&quot;);
    int exitVal = proc.waitFor();
    System.out.println(&quot;Process exitValue: &quot; + exitVal);

But I&#39;m not getting anything as my output, but when I run that command myself it works fine.

Java Runtime.getRuntime(): getting output from executing a command line program

I&#39;d like to understand the advantages provided by these type of threads.


- In what environments are green threads better than non-green? Some say green threads are better for multi core processors.

- Any expected behaviour problems.  





Green Threads vs Non Green Threads

I am trying to use signet for OAuth to Google services. And get this error:

    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Following these questions:

 * [SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed](https://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificate)
 * [OmniAuth &amp; Facebook: certificate verify failed](https://stackoverflow.com/questions/3977303/omniauth-facebook-certificate-verify-failed/5512518)

Seems the solution is either to fix `ca_path` or to &lt;strike&gt;set `VERIFY_NONE` for SSL&lt;/strike&gt;.

The `ca_path` fix posted only works on Linux (port install) and the fix for `VERIFY_NONE` seems to be for faraday.

Is there a solution for Windows/signet gem?

How to solve &quot;certificate verify failed&quot; on Windows?

I&#39;ve been following this guide as much as I could
http://robsnotebook.com/xampp-ssl-encrypt-passwords .

However whenever I browse to a page starting with https the apache server replies 404 Object Not Found.

What setting I am missing? Thanks for any help.

Enabling SSL with XAMPP

I would like to know how to setup SSL on my web application on the localhost. 

I have no background in doing this, would appreaciate guidance. I already finished implementing my web application and i need it to use https on the localhost or while I host it on a server. 

Any Ideas? 


Regards. 

How do you use https / SSL on localhost?

Assuming the Subject Alternative Name (SAN) property of an SSL certificate contains two DNS names

 1. `domain.tld`
 2. `host.domain.tld`

but the Common Name (CN) is set to only one of both: `CN=domain.tld`.

 - Does this setup have a special meaning, or any [dis]advantages over setting both CNs?
 - What happens on server-side if the other one, `host.domain.tld`, is being requested?

Specifically, how does *OpenSSL 0.9.8b+* handle the given scenario?

How do Common Names (CN) and Subject Alternative Names (SAN) work together?

Given an SSL key and certificate, how does one create an HTTPS service?

How to create an HTTPS server in Node.js?

By looking at the file `java.security` of my `JRE`, I see that the keystore type to use by default is set to `JKS`. [Here][1], there is a list of the keystore types that can be used.

Is there a recommended keystore type? What are the pros/cons of the different keystore types?

  [1]: http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyStore

Keystore type: which one to use?

Has anyone encountered this error before?  I&#39;m new to SSL, is there anything obviously wrong with my ClientHello that I&#39;m missing?  That exception is thrown with no ServerHello response.  Any advice is appreciated.


    *** ClientHello, TLSv1
    RandomCookie:  GMT: 1351745496 bytes = { 154, 151, 225, 128, 127, 137, 198, 245, 160, 35, 124, 13, 135, 120, 33, 240, 82, 223, 56, 25, 207, 231, 231, 124, 103, 205, 66, 218 }
    Session ID:  {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods:  { 0 }
    ***
    [write] MD5 and SHA1 hashes:  len = 75
    0000: 01 00 00 47 03 01 51 92   00 D8 9A 97 E1 80 7F 89  ...G..Q.........
    0010: C6 F5 A0 23 7C 0D 87 78   21 F0 52 DF 38 19 CF E7  ...#...x!.R.8...
    0020: E7 7C 67 CD 42 DA 00 00   20 00 04 00 05 00 2F 00  ..g.B... ...../.
    0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2.............
    0040: 03 00 08 00 14 00 11 00   FF 01 00                 ...........
    xxx, WRITE: TLSv1 Handshake, length = 75
    [write] MD5 and SHA1 hashes:  len = 101
    0000: 01 03 01 00 3C 00 00 00   20 00 00 04 01 00 80 00  ....&lt;... .......
    0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00  ..../..3..2.....
    0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15  ............@...
    0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00  ................
    0040: 00 11 00 00 FF 51 92 00   D8 9A 97 E1 80 7F 89 C6  .....Q..........
    0050: F5 A0 23 7C 0D 87 78 21   F0 52 DF 38 19 CF E7 E7  ..#...x!.R.8....
    0060: 7C 67 CD 42 DA                                     .g.B.
    xxx, WRITE: SSLv2 client hello message, length = 101
    [Raw write]: length = 103
    0000: 80 65 01 03 01 00 3C 00   00 00 20 00 00 04 01 00  .e....&lt;... .....
    0010: 80 00 00 05 00 00 2F 00   00 33 00 00 32 00 00 0A  ....../..3..2...
    0020: 07 00 C0 00 00 16 00 00   13 00 00 09 06 00 40 00  ..............@.
    0030: 00 15 00 00 12 00 00 03   02 00 80 00 00 08 00 00  ................
    0040: 14 00 00 11 00 00 FF 51   92 00 D8 9A 97 E1 80 7F  .......Q........
    0050: 89 C6 F5 A0 23 7C 0D 87   78 21 F0 52 DF 38 19 CF  ....#...x!.R.8..
    0060: E7 E7 7C 67 CD 42 DA                               ...g.B.
    [Raw read]: length = 5
    0000: 15 03 01 00 02                                     .....
    [Raw read]: length = 2
    0000: 02 46                                              .F

{http://xml.apache.org/axis/}stackTrace:

    javax.net.ssl.SSLException: Received fatal alert: protocol_version
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1806)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:986)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
	at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
	at 
...


javax.net.ssl.SSLException: Received fatal alert: protocol_version

I&#39;m writing an application in Java which connects to two web servers via HTTPS. One got a certificate trusted via the default chain of trust, the other uses a self signed certificate. Of course, connecting to the first server worked out of the box, whereas connecting to the server with the self signed certificate did not work until I created a trustStore with the certificate from that server. However, the connection to the by default trusted server does not work any more, because apparently the default trustStore gets to be ignored once I created my own.

One solution I found was to add the certificates from the default trustStore to my own. However, I don&#39;t like this solution, because it requires me to keep managing that trustStore. (I cannot assume these certificates remain static in the foreseeable future, right?)

Apart from that I found two 5 year old threads with a similar problem:

https://stackoverflow.com/questions/1793979/registering-multiple-keystores-in-jvm

https://stackoverflow.com/questions/1788031/how-can-i-have-multiple-ssl-certificates-for-a-java-server

They both go deep into the Java SSL infrastructure. I was hoping that by now there is a more convenient solution which I can explain easily in a security review of my code.

Using a custom truststore in java as well as the default one

I am using ***springBootVersion 1.2.0.RELEASE***.
I&#39;m trying to have my keystore and truststore configured through `application.properties`.

When I add the following settings, I can get the keystore to work, but not the truststore.

    server.ssl.key-store=classpath:foo.jks
    server.ssl.key-store-password=password
    server.ssl.key-password=password
    server.ssl.trust-store=classpath:foo.jks
    server.ssl.trust-store-password=password

However, if I add the truststore through gradle:

    bootRun {
        jvmArgs = [ &quot;-Djavax.net.ssl.trustStore=c://foo.jks&quot;, &quot;-Djavax.net.ssl.trustStorePassword=password&quot;]
    }

it works just fine.

Has anyone used the `application.properties` for trust stores?

Specifying trust store information in spring boot application.properties

I need to use curtom root certificates on the company intranet and loading them in the Mac OS TrustStore (KeyChain) does solve the problem for all browsers and GUI apps.

It seems that it works even with the version of `curl` that ships with Mac OS X but it **doesn&#39;t work with python**, even the version that ships with Mac OS 10.12 Sierra (Python 2.7.10)

Still, it seems that I would be hit by:

    urllib2.URLError: &lt;urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)&gt;

## How can I solve this?

Because I encounter this issue in lots and lots of Python tools I would really appreciate if I find a way to avoid it without having to patch them.

Providing the custom CA certificate myself is not an option because I cannot patch tens of Python tools that I use. 

Most of the tools are using the `requests` library but there are a few that are using the native ssl support in Python directly.

Content Type	Original Author	Original Content on Stackoverflow
Question	hooknc	View Question on Stackoverflow
Solution 1 - Java	Lee Chee Kiam	View Answer on Stackoverflow
Solution 2 - Java	Chris	View Answer on Stackoverflow
Solution 3 - Java	user207421	View Answer on Stackoverflow

Why does java have both the cacerts and jssecacerts files?

Java Problem Overview

Java Solutions

Solution 1 - Java

Solution 2 - Java

Solution 3 - Java

jQuery - How do I bind events to hidden elements that will be shown later?

Getting the java.lang.reflect.Method from a ProceedingJoinPoint?

Attributions