
How to make the Java runtime trust the certificate presented by the host


URL - https://my-site.com/test

Let’s start with a simple example. If you invoke the above URL from a simple Java application, you will get an SSLHandshakeException, because the endpoint is exposed over HTTPS and the Java runtime does not trust the certificate presented for that URL. So before you invoke the service, you have to make your Java runtime trust that certificate. After that, whenever you call the URL, the runtime will trust the certificate. You can do this in two different ways:

  1. Download and import the certificate into your Java runtime certificate store.
  2. Write code in your program to trust the certificate provided by the host.

1. Download and import the certificate into your Java runtime certificate store

First of all, you have to download the certificate from the host. To do that, open the URL in a browser and download the certificate to your local machine as a .cer file.

In the Chrome browser you can open the certificate as follows and drag and drop it to a local folder. I chose https://google.com as an example.

[Screenshots: opening the site's certificate in Chrome]

Once you have downloaded the certificate, you can use keytool to import it.

keytool -import -alias google -keystore ${PATH_TO_JDK}/jre/lib/security/cacerts -file ${PATH_TO_CERT_FILE}

You have to provide the keystore password, which is “changeit” unless you have customized it.

Example:

keytool -import -alias google -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/security/cacerts -file /Users/dmalalan/Documents/www.google.com.cer


2. Write the code in your program to trust the certificate provided by the host

You need to use the following code sample before you invoke the URL. It simply makes the runtime trust all certificates presented by the host, so you need to be careful with this approach, because the host can present bogus certificates.

[Screenshot: code sample that trusts all certificates]

References: sample code & sample instructions


Posted by on January 14, 2017 in java, Other, web

 
