26 March, 2009

https certificate hassle

Have you ever found yourself banging your head against the wall because you just can't make Java trust some https certs? Here's how I did it last time:

1. Start by getting the server certificates
run: openssl s_client -showcerts -connect [domain_name]:443

2. From the result, copy each part from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- (inclusive) and paste it into a text file (pem).

3. Now add those certs to your Java keychain
run: keytool -keystore $JAVA_HOME/lib/security/cacerts -import -file [file_name] -alias [cert_alias]
(on JDK 8 and older, where JAVA_HOME points at a JDK, the file is $JAVA_HOME/jre/lib/security/cacerts)

And there you go!
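Steps 1 to 3 as one script, added here as an example that is not part of the original post. It writes one pem file per certificate in the chain and prints each SHA-256 fingerprint, so it can be compared with a value obtained from the server's owner before keytool asks whether to trust it. The function names, the example.test sample and the separate truststore file argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `openssl s_client -showcerts` output (fake base64 bodies).
sample_s_client_output() {
  cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = example.test
   i:CN = Constructed Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQx
-----END CERTIFICATE-----
 1 s:CN = Constructed Test CA
   i:CN = Constructed Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQy
-----END CERTIFICATE-----
---
EOF
}

# split_certs PREFIX: read s_client output on stdin, write PREFIX-1.pem,
# PREFIX-2.pem, ... (one certificate each) and print how many were found.
split_certs() {
  awk -v prefix="$1" '
    /^-----BEGIN CERTIFICATE-----/ { n++; out = prefix "-" n ".pem"; inside = 1 }
    inside                         { print > out }
    /^-----END CERTIFICATE-----/   { inside = 0; close(out) }
    END                            { print n + 0 }'
}

# import_certs STORE PREFIX COUNT: show each certificate's subject and SHA-256
# fingerprint, then import it. keytool is run without -noprompt, so it asks
# for confirmation before trusting each certificate.
import_certs() {
  i=1
  while [ "$i" -le "$3" ]; do
    openssl x509 -in "$2-$i.pem" -noout -subject -fingerprint -sha256
    keytool -importcert -keystore "$1" -file "$2-$i.pem" -alias "$(basename "$2")-$i"
    i=$((i + 1))
  done
}

# Usage: sh fetch-and-trust.sh <domain_name> <truststore_file>
if [ "$#" -eq 2 ]; then
  n=$(openssl s_client -showcerts -connect "$1:443" -servername "$1" </dev/null 2>/dev/null | split_certs "$1")
  import_certs "$2" "$1" "$n"
fi
```

A truststore file created this way can be handed to a JVM with -Djavax.net.ssl.trustStore=..., which leaves the JDK's own cacerts untouched.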

2 comments:

Mikk said...

Remember kids, there are two concepts:
truststore and keystore.
Truststore is meant for certificates that you trust.
Keystore is for your own certificates.
Default locations can be overridden with JVM parameters:
-Djavax.net.ssl.trustStore=...
-Djavax.net.ssl.keyStore=...
Overriding is useful when using different JVMs and you want to use the same trust/keystore.