Connecting to HttpsHello.java with IE

This section provides a tutorial example on how to test my HTTPS server program, HttpsHello.java with the IE (Internet Explorer) browser. IE requires the HTTPS certificate's owner name matching the server host name.

Now let's use Internet Explorer (IE) to connect to my HTTPS server program HttpsHello.java.

Test 1 - First run HttpsHello.java again in JDK 1.8 with SSL debug mode turned on:

herong> java -Djavax.net.debug=ssl:record HttpsHello.java

Server started:
Server socket class:
   class com.sun.net.ssl.internal.ssl.SSLServerSocketImpl
   Socket address = 0.0.0.0/0.0.0.0
   Socket port = 8888
   Need client authentication = false
   Want client authentication = false
   Use client mode = false

Then run IE 10 with https://localhost:8888, the browser will try to make a connection and come back with an error message: "This page can't be displayed".

But on the HttpsHello.java execution window, you will this exception:

java.net.SocketException: Connection closed by remote host
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(U...
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unkn...
  at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(Unknown S...
  at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(Unkn...
  at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(Unknown So...
  at sun.nio.cs.StreamEncoder.flush(Unknown Source)
  at java.io.OutputStreamWriter.flush(Unknown Source)
  at java.io.BufferedWriter.flush(Unknown Source)
  at HttpsHello.main(HttpsHello.java:40)

So why my HttpsHello.java is getting this "Connection closed by remote host" exception? The code logic in HttpsHello seems to be correct. According to the output message, the accept() is returning a good SSLSocket. The code reads the first line from the HTTP request, then writes back a HTTP response. This is exactly how we would code for non-SSL HTTP communication.

After testing HttpsHello.java with a network debugger for a number of times, I finally found why HttpsHello.java is not working with IE. The trouble is caused by the self-signed certificate.

When IE reaches a HTTPS server and gets a certificate that failed to pass the validation rules (because the certificate is signed by any trusted CA), it will abandon the connection, and display a security alert to the user. If the user wants to ignore the validation error and continue with the HTTP request, IE will make another connection to the server.

As you can see, HttpsHello.java is not designed to handle this abandoned connection. HttpsHello.java is not aware the fact that the client has already closed the connection, and still tries to write the HTTP response back to the connection. Of course, it will get an exception.

To help IE to avoid the certificate validation issue, we can import my_home.crt into IE as a trusted certificate.

Test 2 - Run IE and click "Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities".

Click the "Import" button, and import my_home.crt as a trusted certificate.

Now run HttpsHello.java again.

herong> java -Djavax.net.debug=ssl:record HttpsHello

Then run IE 10 with https://localhost:8888, the browser will try to make a connection and come back with a different error message: "There is a problem with this website's security certificate. The security certificate presented by this website was issued for a different website's address."

We are making progress. But IE is still not 100% happy about the certificate, because the subject of the certificate is "Herong Yang" which does not match the host name "localhost". Apparently, IE validates certificate with 3 major rules:

To make IE happy, I repeated the test with another self-signed certificate for "localhost",

Test 3 - Generated a self-signed certificate for "localhost":

herong> keytool -genkeypair -alias my_host -keystore herong.jks

Enter keystore password:  HerongJKS
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  My Unit
What is the name of your organization?
  [Unknown]:  My Home
What is the name of your City or Locality?
  [Unknown]:  My City
What is the name of your State or Province?
  [Unknown]:  My State
What is the two-letter country code for this unit?
  [Unknown]:  US
Is <CN=localhost, OU=My Unit, O=My Home, L=My City, ST=My State,
   C=US> correct?
  [no]:  yes
Enter key password for <my_host>
        (RETURN if same as keystore password):  My1stKey

herong> keytool -exportcert -alias my_host -file my_host.crt
   -keystore herong.jks -storepass HerongJKS

Import my_host.crt into IE as a trusted certificate.

Now run HttpsHello.java again.

herong> java -Djavax.net.debug=ssl:record HttpsHello

Then run IE with https://localhost:8888, the browser will try to make a connection and come back with "Hello world!" this time.

Very nice. Our HttpsHello.java works like a HTTPS server on IE 10 now.

To keep IE clean after finishing tests, we should remove "Herong Yang" and "localhost" certificates. Run IE, and go to "Tools", "Internet Options", "Content", "Certificates", and "Trusted Root Certificate Authorities". You should be able to find them and remove them.

Table of Contents

 About This JDK Tutorial Book

 JDK (Java Development Kit)

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Java Logging

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

 "keytool" Commands and "keystore" Files

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Encryption and Decryption

 The SSL (Secure Socket Layer) Protocol

 SSL Socket Communication Testing Programs

 SSL Client Authentication

HTTPS (Hypertext Transfer Protocol Secure)

 What Is HTTPS?

 HttpsHello.java - HTTPS Server Test Program

 HttpsClient.java - HTTPS Client Test Program

 HttpsClient.java Failed with JDK 1.8

 Using SO_LINGER Socket Option

 HTTPS Server with Expired Certificate

Connecting to HttpsHello.java with IE

 HttpsEchoer.java - A Better HTTPS Server

 Outdated Tutorials

 References

 Full Version in PDF/EPUB