Make SSL Server Certificate Trusted

Q

How to make a self-signed SSL server certificate trusted? I want the ValidatorException to go away.

✍: FYIcenter

A

There are several options to make a self-signed server certificate trusted:

  • Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you.
  • Add your self-signed certificate to the default trusted root CA keystore file, \local\jdk-1.8.0\jre\lib\security\cacerts, before running the client program.
  • Add your self-signed certificate to a keystore file and point the JVM system property javax.net.ssl.trustStore at that file when running the client program.

Below is a demonstration of the last option:

1. Open a command window and run SslServerCmd.java on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java SslServerCmd

USAGE: java SslServerCmd [port [clientAuth]]
Listening: port=8080, clientAuth=No

2. Save the server certificate in a keystore file for the client program to use:

\fyicenter>\local\jdk-1.8.0\bin\keytool -importcert -file server.crt -alias server -keystore server_crt.jks

Enter keystore password: fyicenter
Re-enter new password: fyicenter
Owner: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Issuer: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Serial number: 5ae4a887
Valid from: Sun Jun 25 08:00:08 until: Sat Sep 23 08:00:08
...
Trust this certificate? [no]: yes
Certificate was added to keystore

3. Open another command window and run SslClientCmd.java with the javax.net.ssl.trustStore system property set to server_crt.jks on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=server_crt.jks SslClientCmd localhost 8080 /index.html

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 40

No more SSL errors. The client program successfully communicated with the server with all messages encrypted.
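The javax.net.ssl.trustStore property replaces the default trust store for the whole JVM. The following is an added example, not part of the original FAQ or of SslClientCmd.java: it loads server_crt.jks into an SSLContext used for a single connection, so the rest of the JVM keeps its default trust roots. The class name ScopedTrustClient is hypothetical; the keystore file name and password are the ones entered in step 2.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical client: trusts only the certificates stored in server_crt.jks,
// and only for sockets created from this SSLContext.
public class ScopedTrustClient {

    // Build an SSLContext whose trust anchors are the entries of the given JKS file.
    static SSLContext contextFor(String jksPath, char[] password) throws Exception {
        KeyStore trusted = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jksPath)) {
            trusted.load(in, password); // the password verifies keystore integrity
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8080;
        SSLContext ctx = contextFor("server_crt.jks", "fyicenter".toCharArray());
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // A raw SSLSocket does not check the host name unless asked to.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException if the peer is not trusted
            System.out.println("Peer: " + s.getSession().getPeerPrincipal());
            OutputStream out = s.getOutputStream();
            out.write("GET /index.html HTTP/1.0\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
            out.flush();
            InputStream in = s.getInputStream();
            byte[] buf = new byte[4096];
            for (int n; (n = in.read(buf)) != -1; ) System.out.write(buf, 0, n);
            System.out.flush();
        }
    }
}
```

The handshake fails on the host name check unless the certificate names the host being connected to; the certificate in step 2 is issued to CN=fyicenter.com while the demonstration connects to localhost.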


2018-06-27