Making JRE trust certificates

Writing by on Thursday, 8 of September , 2011 at 1:14 am

Let’s say your Java Web Service client wants to make a call (SOAP over SSL/https) to a service running on some server and is using a legitimate certificate or say a self-signed certificate.

Now, your client can either bypass this certificate business by using XTrustProvider.install() or do it the right way by importing the certificate in your JRE_HOME/lib/security/ folder.

Either read the documentation on keytool or read further.
(My snippets below use JDK 1.6.0_26 and are done Windows. You can do equivalent stuff on Linux as well)

To View the list of certificates in the JDK, goto JRE_HOME\lib\security and run the following:

C:\Java\jdk1.6.0_26\jre\lib\security>..\..\bin\keytool keytool -list -keystore cacerts
Enter keystore password:default password is changeit

To Import the certificate into JDK, goto JRE_HOME\lib\security and run the following:

C:\Java\jdk1.6.0_26\jre\lib\security>..\..\bin\keytool -import -alias myTestCert -keystore cacerts -file c:\Temp\Certificates\DER_Cert.cer
Enter keystore password:default password is changeit

Now, your Java Web Service Client should now be able to make the calls over SSL without connection issues.

In case you want to Delete the Certificate:

C:\Java\jdk1.6.0_26\jre\lib\security>..\..\bin\keytool -delete -alias myTestCert -keystore cacerts
Enter keystore password: default password is changeit

More information can be found here: http://sites.google.com/site/ankurrathi/trustingacertificate and also explains how to download certificates if you don’t already have it.

If you’re using Soap UI for testing and you might want to configure SoapUI with client certificate authentication.

Finally your Web Service client might might also need to verify the hostnames as shown below where I trust all hosts.

static  {
		HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
			public boolean verify(String hostname, SSLSession session) {
				// Make sure that hostname is valid
				return true;
			}
		});
	}

Leave a comment

Category: Java

No Comments

No comments yet.

Leave a comment

You must be logged in to post a comment.

Shivdev Kalambi's Blog

Shivdev Kalambi is a Software Development Manager, previously a Principal Software Engineer at ArcSight/HP. With over 16 years' experience in software development, he's worked on several technologies and played different roles and contributed to all phases of projects. Non-tech activies include Ping-pong, Rock Climbing and Yoga at PG, Golf, Skiing, Swimming & a beer enthusiast.