
Forcing Spark to check server's certificate against trusted root certificate

How can I force Spark to check if the server's certificate is signed by our organization's Certification Authority and warn the user if it is not trusted (if there is no trusted root certification authority certificate on the user's PC)? Currently Spark does not give any warning about an untrusted server as long as the server does not have a self-signed certificate.

Any ideas?

I would also be extremely interested in this or any information on how to achieve it with another client.

At the moment it seems that there really isn't any client that would easily let the user see the server certificate or warn the user if the server has a self-signed certificate. The only client that did this in my tests today was Psi.

Isn't this a threat, and doesn't it allow a man-in-the-middle type of scenario to happen even in a quite trivial way?

Is there something that I am not noticing that would prevent it from happening?

I took a look at the Spark and Smack code and found out that what is needed is already available in the Smack API.

If one sets the following booleans on the ConnectionConfiguration:

config.setSelfSignedCertificateEnabled(false);

config.setVerifyChainEnabled(true);

config.setVerifyRootCAEnabled(true);

Then certificates are checked as they are supposed to be.

In Spark, ConnectionConfiguration is used in two places: LoginDialog.java and AccountCreationWizard.java. I did a quick test and confirmed that I'm no longer able to connect to my server that has a self-signed certificate, just as I would expect.

However, Spark gives an "Invalid username / password" error message to the user, though there is an SSLHandshake error:

"javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: root certificate not trusted of huimaconsulting.com"

My suggestion is that this should be a configurable option in Spark: check the certificate chain and root certificate, and show the user visually whether the communication can really be trusted.

Any thoughts?
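As an added example (not code from this thread, from Spark or from the Smack project), the following shows how the three settings from the post above could be combined with a truststore that holds only the organization's root CA, and how the TLS handshake failure could be told apart from a real login failure so the user is not shown "Invalid username / password" for an untrusted server. It assumes the Smack 3.x ConnectionConfiguration / XMPPConnection API the post refers to; the host, port, truststore path, password, credentials and the two extra check flags (expired certificate and domain mismatch) are assumptions for illustration and not values taken from the thread.

```java
import javax.net.ssl.SSLHandshakeException;

import org.jivesoftware.smack.ConnectionConfiguration;
import org.jivesoftware.smack.ConnectionConfiguration.SecurityMode;
import org.jivesoftware.smack.XMPPConnection;
import org.jivesoftware.smack.XMPPException;

/**
 * Strict-TLS XMPP login with Smack 3.x (added example, not Spark code).
 * All constants below are placeholders for this illustration.
 */
public class StrictTlsLogin {

    static final String XMPP_HOST = "xmpp.example.org";          // assumed host
    static final int XMPP_PORT = 5222;                            // standard c2s port
    static final String TRUSTSTORE_PATH = "/etc/spark/org-root-ca.jks"; // assumed JKS with only the org root CA
    static final String TRUSTSTORE_PASSWORD = "changeit";          // assumed password

    /** Outcome the UI can render distinctly instead of one generic login error. */
    enum Outcome { OK, UNTRUSTED_SERVER, AUTH_FAILED, OTHER_ERROR }

    /** Build a configuration that refuses cleartext and untrusted certificates. */
    static ConnectionConfiguration strictConfig() {
        ConnectionConfiguration config = new ConnectionConfiguration(XMPP_HOST, XMPP_PORT);

        // Never fall back to an unencrypted stream.
        config.setSecurityMode(SecurityMode.required);

        // The three flags from the post: reject self-signed certificates,
        // validate the whole chain, and require a trusted root.
        config.setSelfSignedCertificateEnabled(false);
        config.setVerifyChainEnabled(true);
        config.setVerifyRootCAEnabled(true);

        // Additional checks in the same ConnectionConfiguration (assumed available):
        // reject expired certificates and certificates issued for another domain.
        config.setExpiredCertificatesCheckEnabled(true);
        config.setNotMatchingDomainCheckEnabled(true);

        // Trust only the organization's own root CA rather than the JRE default cacerts,
        // so a certificate from any other public CA is also rejected.
        config.setTruststoreType("jks");
        config.setTruststorePath(TRUSTSTORE_PATH);
        config.setTruststorePassword(TRUSTSTORE_PASSWORD);
        return config;
    }

    /** Connect first, then log in, so a TLS failure is never reported as bad credentials. */
    static Outcome connectAndLogin(String username, String password) {
        XMPPConnection connection = new XMPPConnection(strictConfig());
        try {
            connection.connect();
        } catch (XMPPException e) {
            // connect() completes STARTTLS before any credentials are sent,
            // so a failure here cannot be "invalid username / password".
            return isHandshakeFailure(e) ? Outcome.UNTRUSTED_SERVER : Outcome.OTHER_ERROR;
        }
        try {
            connection.login(username, password, "Spark");
        } catch (XMPPException e) {
            connection.disconnect();
            return Outcome.AUTH_FAILED;
        }
        return Outcome.OK;
    }

    /** True if the Smack exception wraps a TLS handshake failure such as an untrusted root. */
    static boolean isHandshakeFailure(XMPPException e) {
        Throwable t = e.getWrappedThrowable();
        while (t != null) {
            if (t instanceof SSLHandshakeException) {
                return true;
            }
            t = t.getCause();
        }
        return false;
    }

    public static void main(String[] args) {
        Outcome result = connectAndLogin("alice", "secret"); // assumed credentials
        switch (result) {
            case UNTRUSTED_SERVER:
                System.out.println("Server certificate is not signed by the organization CA; refusing to log in.");
                break;
            case AUTH_FAILED:
                System.out.println("Invalid username / password.");
                break;
            case OTHER_ERROR:
                System.out.println("Could not reach the server.");
                break;
            default:
                System.out.println("Connected over TLS to a server trusted by the organization CA.");
        }
    }
}
```

The truststore referenced here is an ordinary JKS file containing only the organization's root CA certificate (for example one built with keytool). Keeping the JRE's default cacerts out of the picture matters: with the default truststore a certificate from any public CA would pass the chain check, which is not what the original question asks for. Mapping the handshake failure to its own Outcome is what lets a client show the user "this server is not trusted" rather than the misleading credentials error described in the post.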