Make SSL Server Certificate Trusted

Home > Security > Network

Q

How to make a SSL self-signed server certificate trusted? I want the ValidatorException going away.

✍: FYIcenter

A

There are several options to make a self-signed server certificate trusted:

Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you.
Add your self-signed certificate to the default trust root CA keystore file in \local\jdk-1.8.0\jre\lib\security\cacerts, before running the client program.
Add your self-signed certificate to the JVM property: javax.net.ssl.trustStore, when running the client program.

Below is a demonstration of the last option:

1. Open a command window and run SslServerCmd.java on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java SslServerCmd

USAGE: java SslServerCmd [port [clientAuth]]
Listening: port=8080, clientAuth=No

2. Save the server certificate in a keystore file for the client program to use:

\fyicenter>\local\jdk-1.8.0\bin\keytool 
   -importcert -file server.crt -alias server -keystore server_crt.jks

Enter keystore password: fyicenter
Re-enter new password: fyicenter
Owner: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Issuer: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Serial number: 5ae4a887
Valid from: Sun Jun 25 08:00:08 until: Sat Sep 23 08:00:08
...
Trust this certificate? [no]: yes
Certificate was added to keystore

3. Open another command window and run SslClientCmd.java with javax.net.ssl.trustStore system property set to server_crt.jks on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java 
   -Djavax.net.ssl.trustStore=server_crt.jks SslClientCmd localhost 8080 /index.html

HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 40

No more SSL errors. The client program successfully communicated with the server with all messages encrypted.

⇒ What Is Client Certificate Authentication

⇐ Connect to SSL Server Failed with Invalid Certificate

⇑ Examples for jsse.jar - Java Secure Socket Extension

⇑⇑ FAQ for jsse.jar - Java Secure Socket Extension

2018-06-27, ∼2027🔥, 0💬

SslCipherList.java - SSL Cipher List
How to get a list of SSL ciphers supported in jsse.jar? You can use the following sample Java code to a list of SSL ciphers supported in jsse.jar: // Copyright (c) FYIcenter.com import java.net.*; import java.io.*; import javax.net.ssl.*; public class SslCipherList { public static void main(String[]... 2018-03-31, ∼2876🔥, 0💬

SslClientCmd.java - SSL Client Command Example
How to create an SSL client program to run like a command? Here is an SSL client example program you can run like a command to communicate to any HTTPS web server: // Copyright (c) FYIcenter.com import java.net.*; import java.io.*; import javax.net.ssl.*; public class SslClientCmd { public static vo... 2018-03-31, ∼2575🔥, 0💬

Key Manager Not Sending Client Certificate
Why the Key Manager is not sending the client certificate to the SSL server? I have provided a keystore file with the client certificate inside. JSSE documentation does not provide any details on how the Key Manager selects a certificate and sends it the SSL server. But rxg provided a good explanati... 2018-06-12, ∼2378🔥, 0💬

What Is Client Certificate Authentication
What Is Client Certificate Authentication? Client Certificate Authentication is an extra layer of security protection added to the normal SSL socket communication. In a normal SSL socket communication: The client is asking for the server to show server certificate. The client validates the server ce... 2018-06-27, ∼2270🔥, 0💬

Create SSL Server Certificate with "keytool"
How to create an SSL Server Certificate with JDK "keytool"? I want to run a SSL socket server program. "keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign server certificates that you can use as SSL server certificates. Here ... 2018-06-27, ∼2070🔥, 0💬

Create SSL Client Certificate with "keytool"
How to create an SSL Client Certificate with JDK "keytool"? I want to run a SSL socket client program that requires client authentication. "keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign client certificates that you can u... 2018-06-12, ∼2067🔥, 0💬

Make Client Certificate Trusted by SSL Server
How to make a self-signed client certificate trusted by the SSL server? I want to help Key Manager to send out the client certificate and accepted by the SSL server. There are several options to make a self-signed certificate trusted by the SSL Server: Send your self-signed certificate to a trusted ... 2018-06-12, ∼2061🔥, 0💬

Make SSL Server Certificate Trusted
How to make a SSL self-signed server certificate trusted? I want the ValidatorException going away. There are several options to make a self-signed server certificate trusted: Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you. Add your self-signed... 2018-06-27, ∼2028🔥, 0💬

Connect to SSL Server Failed with Invalid Certificate
Why am I getting the ValidatorException error when connecting to an SSL server? You are getting a ValidatorException error when connecting to an SSL server, because the server certificate can not be trusted for one of the following possible reasons: The root CA of the server certificate is unknown. ... 2018-06-27, ∼1984🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. FYIcenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.