I’ve described a way to install a self-signed SSL certificate using OpenSSL for testing purposes. When connecting to a web server with a web browser, it is straightforward to add the “fake” certificate (just follow the instructions on the browser screen). In a Java application, however, it’s a little more work.
The procedure is the following:
- Obtain the SSL certificate from the website administrator. Alternatively, use the browser:
  - Browse to the URL, for example: https://www.testmachine.com
  - When the security popup window appears, just click ‘continue’.
  - The browser has an option to view the certificate. With Internet Explorer 7, there’s a “Certificate Error” button next to the Address Bar. Press that and view the certificate. With Firefox, click on the yellow lock at the bottom of the screen.
  - Go to the Details tab.
  - Click on “Copy to File”. In Firefox, click on the “Export” button.
  - Save the file as “website.cert”.
- Copy the certificate file to the machine where the Java client is going to be executed.
- Go to the lib/security directory of the JRE (Java Runtime Environment), for example: /usr/local/jdk_1.4.3/jre/lib/security/
- The certs are stored in a file called “cacerts”.
- Run the keytool app to import the “website.cert” file that was exported earlier from a web browser:

      keytool -import -alias websiteAlias -keystore cacerts -file website.cert
- Enter the default password: changeit
- Check the content of the new “cacerts” file using:

      keytool -list -keystore cacerts

- Test it. If the client runs in a web container (e.g. Tomcat), restart the JVM.
The Webapper site has short Java client test code and a quick procedure to compile and run a client to test it.
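A check that can be run after the import, added here as an example (it is not the Webapper code or part of the original procedure): it loads the keystore, confirms the alias holds a trusted-certificate entry, and compares its SHA-256 fingerprint with a value obtained from the website administrator. The class name `CheckImportedCert` and the argument order are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

public class CheckImportedCert {
    // SHA-256 over the DER encoding, as lowercase hex without separators.
    static String sha256Hex(byte[] der) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Accepts "AB:CD:..." (keytool style) as well as plain hex.
    static String normalize(String fingerprint) {
        return fingerprint.replaceAll("[^0-9A-Fa-f]", "").toLowerCase();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: java CheckImportedCert <keystore> <password> <alias> <expected-sha256>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        if (!ks.isCertificateEntry(args[2])) {
            System.err.println("no trusted-certificate entry under alias " + args[2]);
            System.exit(1);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        cert.checkValidity(); // throws if expired or not yet valid
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        if (selfSigned) cert.verify(cert.getPublicKey()); // throws if the signature does not verify
        String actual = sha256Hex(cert.getEncoded());
        System.out.println("subject:     " + cert.getSubjectX500Principal().getName());
        System.out.println("self-signed: " + selfSigned);
        System.out.println("sha256:      " + actual);
        if (!actual.equals(normalize(args[3]))) {
            System.err.println("fingerprint does not match the expected value");
            System.exit(1);
        }
        System.out.println("alias " + args[2] + " matches the expected fingerprint");
    }
}
```

With the values used in the steps above it would be run as `java CheckImportedCert cacerts changeit websiteAlias <expected-sha256>`, where the last argument is the fingerprint supplied by the administrator.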