scop/portecle

Using Portecle with a proxy in a corporate environment

scop opened this issue · 5 comments

scop commented

We have tried in our company to use Portecle to get the certificate chain to an external server (marketplace.atlassian.com) to avoid errors in reaching that server (see the Atlassian Knowledge Base Entry for details). This article references the tool Portecle (on page Connecting to SSL service).

We have tried to use Portecle, but failed. We think that the need to use a proxy is the reason for that. We tried different variations, but none of them worked:

  • Defining the proxy as environment variable: set HTTP_PROXY=<our_proxy:8080>
  • Defining the proxy as Java start parameter: java -Dhttp.proxyHost=<our_proxy> -Dhttp.proxyPort=8080 -jar portecle.jar
  • Using the proxy as start parameter like: java -jar portecle.jar <our_proxy>:8080

So we have 2 questions here:

  • Is it possible to use Portecle inside a corporate environment, so that we can use a proxy at all?
  • If yes, what is the way to define that proxy so that Portecle will use it?

Reported by: malie84

scop commented

Portecle does not implement any kind of proxy support itself. Also, it doesn't use an HTTP client for fetching certificates from a connection (because this functionality is not limited to HTTP(S)), so setting the -Dhttp.... variables has no effect. I guess however that if you have a SOCKS proxy, that would work, but I don't have anything to test this with at the moment. See https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html

Original comment by: scop

scop commented

Socks Proxy didn't work.

I think Portecle should implement proxy support for those like us who are behind a proxy.
Here's a sample from Oracle that shows how to implement an SSL socket with proxy tunneling. (It is available under JDK 6 and 7 also, didn't change much since JDK 6, and needs some tweaking to work.)

http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/samples/sockets/client/SSLSocketClientWithTunneling.java

Original comment by: nicolas-bw

+1 for this issue

Same problem, +1 for this issue.

scop commented

I still haven't received any information why socks proxying wouldn't work, but I just tested it and it appears to work fine for me. I set up a local socks proxy using ssh -D 1080 somehost where "somehost" is a host through which a service I'm testing is accessible (it is not directly accessible from my test box), let's say "otherhost:443", and started Portecle with java -DsocksProxyHost=localhost -jar portecle.jar, and examining an SSL/TLS connection to "otherhost:443" worked fine.

(BTW the "Socks Proxy didn't work" comment above is not from me even though it shows as such, but from the original "nicolas-bw" poster. The "SSLSocketClientWithTunneling.java" example looks too ugly for my taste to adopt.)
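
Added example, not part of this thread and not Portecle code: for environments that only offer an HTTP proxy, the chain can be read by opening the tunnel by hand with CONNECT and running the TLS handshake over it, which is the step the -Dhttp.proxyHost settings never perform for a raw socket. It assumes a proxy that allows unauthenticated CONNECT to the target port; the class name ChainViaProxy and the argument order are made up for this sketch.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class). Usage: java ChainViaProxy proxyHost proxyPort targetHost targetPort
public class ChainViaProxy {
    public static void main(String[] a) throws Exception {
        String host = a[2];
        int port = Integer.parseInt(a[3]);
        // 1. Plain TCP to the proxy, then request a tunnel with HTTP CONNECT.
        Socket tunnel = new Socket(a[0], Integer.parseInt(a[1]));
        tunnel.setSoTimeout(15000);
        String target = host + ":" + port;
        tunnel.getOutputStream().write(("CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n")
                .getBytes(StandardCharsets.US_ASCII));
        // 2. Read the reply one byte at a time up to the blank line, so no TLS bytes are swallowed.
        InputStream in = tunnel.getInputStream();
        StringBuilder head = new StringBuilder();
        int b;
        while (!head.toString().endsWith("\r\n\r\n") && (b = in.read()) != -1) head.append((char) b);
        String status = head.toString().split("\r\n", 2)[0];
        if (!status.matches("HTTP/1\\.[01] 2\\d\\d.*")) throw new IOException("Proxy refused CONNECT: " + status);
        // 3. Trust manager that records the presented chain, then still runs the default validation.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = the JRE's default truststore
        X509TrustManager dflt = (X509TrustManager) tmf.getTrustManagers()[0];
        X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { dflt.checkClientTrusted(c, t); }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException { seen[0] = c; dflt.checkServerTrusted(c, t); }
            public X509Certificate[] getAcceptedIssuers() { return dflt.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        // 4. TLS handshake over the tunnel; the host name is passed so SNI is sent.
        try (SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(tunnel, host, port, true)) {
            tls.startHandshake();
            System.out.println("Chain validates against the default truststore");
        } catch (SSLException e) {
            System.out.println("Handshake failed: " + e.getMessage());
        }
        if (seen[0] == null) return; // handshake failed before a certificate was presented
        for (X509Certificate x : seen[0])
            System.out.println(x.getSubjectX500Principal() + "\n  issuer: " + x.getIssuerX500Principal());
    }
}
```

If the issuer printed for the leaf certificate is an internal corporate CA, the proxy is intercepting TLS and that CA is the one the client's truststore is missing; compare the certificate fingerprints with your proxy administrators before importing anything.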