Import SSL Certificates in Java

Filed under: Java

SSL certificates that are not signed by a top-level CA cause trouble. For example, browsers display a warning about the untrusted certificate, and users have to click “accept for this session” or import it into their trusted certificates. In Java, things are similar: you have to tell Java to accept an untrusted certificate by importing it into the JRE truststore. However, this is not as easy and straightforward as it could be, so I thought I'd write up a short howto:

  1. Import the certificate first. Please note that the default store password is changeit (I think this password won’t be changed on 99,9% of all Java installations).
    C:\> keytool -import -alias test -file untrusted_cert.cer -keystore C:\j2sdk1.4.2_06\jre\lib\security\cacerts -storepass changeit -noprompt
  2. Tell your JVM on startup to use the cacerts file (which is in the JRE installation directory) using the following parameters (the last one is for debugging only):
    -Djavax.net.ssl.trustStore=C:\j2sdk1.4.2_10\jre\lib\security\cacerts \
    -Djavax.net.ssl.trustStorePassword=changeit \
    -Djavax.net.debug=ssl

Especially the second bit is not obvious, as you might think that Java would automatically use the cacerts truststore…
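
To confirm which certificate the JVM will actually trust after both steps, the following added example (not part of the original post) loads the truststore named by the same system properties and prints the imported entry's SHA-256 fingerprint for comparison against a value obtained out of band. The class name CheckTrustStore is made up for illustration, and the code assumes Java 8 or newer.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

// Added example: confirms what step 1 put into the truststore the JVM will use.
public class CheckTrustStore {
    public static void main(String[] args) throws Exception {
        // Same system properties as step 2; otherwise the JRE's own cacerts file.
        String path = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        String alias = args.length > 0 ? args[0] : "test"; // alias from step 1

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray()); // throws if the password or integrity check fails
        }
        if (!ks.isCertificateEntry(alias)) {
            System.err.println("No trusted certificate '" + alias + "' in " + path);
            System.exit(1);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

        // SHA-256 over the DER encoding: compare this with the value the
        // server's administrator gives you through a separate channel.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder fp = new StringBuilder();
        for (byte b : digest) {
            if (fp.length() > 0) fp.append(':');
            fp.append(String.format("%02X", b));
        }
        System.out.println("Truststore : " + path);
        System.out.println("Subject    : " + cert.getSubjectX500Principal().getName());
        System.out.println("Issuer     : " + cert.getIssuerX500Principal().getName());
        System.out.println("Self-issued: "
                + cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()));
        System.out.println("Not after  : " + cert.getNotAfter());
        System.out.println("SHA-256    : " + fp);

        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        if ("changeit".equals(pass)) {
            System.out.println("Note: the store still uses the default password.");
        }
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters as the application, so that both read the same file.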

But once you know it, it's not that hard anymore - and now you know it. :-)

Jan 19, 2006 at 19:25
