Thursday, August 04, 2016

How to Generate an SHA-2 (SHA-256) Self-Signed Certificate in Java

I was working on a couple of SSL based issues when I made a couple of observations. The default self-signed key generation in Java does not meet today's requirements for web development.

SHA-1 based certificates (default) are no longer going to be accepted by the majority of browsers. Microsoft has set a deadline of February 2014, Mozilla,  and Chrome on 1 January 2017.

Additionally, a key size of less than 2048 is considered insecure as well, so we need to make sure the key size is at least 2048.

So how do you generate a SHA-2 (SHA-256) certificate in Java? Here is an example below.
keytool -genkey -alias example -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 3650 -keystore keystore.jks
In this example we create a certificate with validity of 10 years. The -sigalg SHA256withRSA is used to set it to SHA-256.

Tuesday, June 28, 2016

Abuse Report Format (ARF) Message Generator

 I have been working on testing a feedback loop, and wanted a simple mechanism to do the testing.

I was surprised that I couldn't find any framework when I was searching to do it. As any good developer, I decided to write my own way of testing it.

The Abuse Report Format (ARF) Message Generator takes a raw email, and sends it back to the server that sent it as an abuse feedback report.

The code requires JavaMail API and Sun DSN API.

The project includes a custom mailcap file to handle the new ARF report format.

The code is located on Github including the sample usage here: arf-message-generator

Friday, June 24, 2016

Log4j2 java.util.logging (JUL) Adapter Example


I was looking for an example of how to implement the java.util.logging (JUL) adapter in a project. This would almost seem to be a no brainer of an idea with lots of examples of how to do it. Alas, I didn't find much of anything. So I thought I would share some wisdom of how to implement the JUL Adapter.


You need to tell the application to use the JUL adapter. There are two easy ways to accomplish this.
  1. The easiest is to pass a VM option to the application: -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
  2. Alternatively, you can use a static initializer in your class. This is important because the value needs to be set before the logger is called.

The code for the project can be found on GitHub here: log4j2-jul-example


Popular Posts