Making JRE trust certificates
Written by shivdev on Thursday, 8 of September, 2011 at 1:14 am
Let’s say your Java Web Service client wants to make a call (SOAP over SSL/https) to a service running on some server, and that server is using a legitimate certificate or, say, a self-signed certificate.
Now, your client can either bypass certificate validation by using XTrustProvider.install() or do it the right way by importing the certificate into the cacerts keystore in your JRE_HOME/lib/security/ folder.
Either read the documentation on keytool or read further.
(My snippets below use JDK 1.6.0_26 and are done on Windows. You can do equivalent stuff on Linux as well.)
To view the list of certificates in the JDK, go to JRE_HOME\lib\security and run the following:
C:\Java\jdk1.6.0_26\jre\lib\security>..\..\bin\keytool -list -keystore cacerts
Enter keystore password: (the default password is changeit)
To import the certificate into the JDK, go to JRE_HOME\lib\security and run the following:
C:\Java\jdk1.6.0_26\jre\lib\security>..\..\bin\keytool -import -alias myTestCert -keystore cacerts -file c:\Temp\Certificates\DER_Cert.cer
Enter keystore password: (the default password is changeit)
Your Java Web Service client should now be able to make the calls over SSL without connection issues.
In case you want to Delete the Certificate:
C:\Java\jdk1.6.0_26\jre\lib\security>..\..\bin\keytool -delete -alias myTestCert -keystore cacerts
Enter keystore password: (the default password is changeit)
More information can be found here: http://sites.google.com/site/ankurrathi/trustingacertificate which also explains how to download the certificate if you don’t already have it.
If you’re using SoapUI for testing, you might want to configure SoapUI with client certificate authentication.
Finally, your Web Service client might also need to verify the hostnames as shown below, where I trust all hosts.
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLSession;

    // Place this static initializer inside the client class.
    static {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                // Make sure that hostname is valid
                // (returning true unconditionally accepts every hostname)
                return true;
            }
        });
    }