Make SSL Server Certificate Trusted

Q

How to make a SSL self-signed server certificate trusted? I want the ValidatorException going away.

✍: FYIcenter

A

There are several options to make a self-signed server certificate trusted:

  • Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you.
  • Add your self-signed certificate to the default trust root CA keystore file in \local\jdk-1.8.0\jre\lib\security\cacerts, before running the client program.
  • Add your self-signed certificate to the JVM property: javax.net.ssl.trustStore, when running the client program.

Below is a demonstration of the last option:

1. Open a command window and run SslServerCmd.java on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java SslServerCmd

USAGE: java SslServerCmd [port [clientAuth]]
Listening: port=8080, clientAuth=No

2. Save the server certificate in a keystore file for the client program to use:

\fyicenter>\local\jdk-1.8.0\bin\keytool 
   -importcert -file server.crt -alias server -keystore server_crt.jks

Enter keystore password: fyicenter
Re-enter new password: fyicenter
Owner: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Issuer: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Serial number: 5ae4a887
Valid from: Sun Jun 25 08:00:08 until: Sat Sep 23 08:00:08
...
Trust this certificate? [no]: yes
Certificate was added to keystore

3. Open another command window and run SslClientCmd.java with javax.net.ssl.trustStore system property set to server_crt.jks on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java 
   -Djavax.net.ssl.trustStore=server_crt.jks SslClientCmd localhost 8080 /index.html

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 40

No more SSL errors. The client program successfully communicated with the server with all messages encrypted.

 

What Is Client Certificate Authentication

Connect to SSL Server Failed with Invalid Certificate

Examples for jsse.jar - Java Secure Socket Extension

⇑⇑ FAQ for jsse.jar - Java Secure Socket Extension

2018-06-27, 1259👍, 0💬