SSL From Java Client

I’ve described a way to install a self-signed SSL certificate using OpenSSL for testing purposes.  When connecting to a web server using a web browser client, it is straightforward to add the “fake” certificate (just follow the instructions on the browser screen).  In a Java application, however, it takes a little more work.

The procedure is the following:

  • Obtain the SSL certificate from the website administrator.  Alternatively, use the browser:
      1. Browse the URL, for example:  https://www.testmachine.com
      2. When the security window popup appears, just click ‘continue’.
      3. The browser has an option to view the certificate.  With Internet Explorer 7, next to the Address Bar there’s a “Certificate Error” button.  Press that and view certificate.  With Firefox, click on the yellow lock at the bottom of the screen.
      4. Go to the Details tab.
      5. Click on “Copy to File”.  In Firefox, click on the “Export” button.
      6. Save the file as “website.cert”
  • Copy the certificate file to the machine where the Java client is going to be executed.
  • Go to the JRE (Java Runtime Environment) directory lib/security, for example: /usr/local/jdk_1.4.3/jre/lib/security/
  • The certs are stored in a file called “cacerts”.
  • Run the keytool app to import the “website.cert” file that was exported earlier from a web browser:

keytool -import -alias websiteAlias -keystore cacerts -file website.cert

  • Enter the default password: changeit
  • Check the content of the new “cacerts” file using:

keytool -list -keystore cacerts

  • Test it.  If the client runs in a web container (e.g. Tomcat), restart the JVM.

The Webapper site has short Java client test code and a quick procedure for compiling and running a client to test it.
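
A minimal client for the “Test it” step, added here as an example (it is not the Webapper code or anything from the original post): it checks that the alias is present in cacerts, then connects with the JVM’s default trust settings.  The class name SslClientTest and the argument order are assumptions, the defaults are the sample values used above, and it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;

public class SslClientTest {
    // Colon-separated hex SHA-256 of the DER-encoded certificate.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(sb.length() > 0 ? ":" : "").append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults mirror the sample values on this page; override on the command line.
        String url = args.length > 0 ? args[0] : "https://www.testmachine.com";
        String store = args.length > 1 ? args[1] : System.getProperty("java.home") + "/lib/security/cacerts";
        String alias = args.length > 2 ? args[2] : "websiteAlias";
        char[] pass = (args.length > 3 ? args[3] : "changeit").toCharArray();

        // 1. Confirm the import landed in the keystore file this JVM reads.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(store)) { ks.load(in, pass); }
        Certificate imported = ks.getCertificate(alias);
        if (imported == null) {
            System.err.println("Alias '" + alias + "' not found in " + store);
            System.exit(1);
        }
        System.out.println("Imported SHA-256: " + fingerprint(imported));

        // 2. Connect with the default trust settings (no custom TrustManager), so the
        //    handshake succeeds only if the JVM trusts the certificate the server presents.
        HttpsURLConnection conn = (HttpsURLConnection) URI.create(url).toURL().openConnection();
        try {
            conn.connect();
            Certificate served = conn.getServerCertificates()[0];
            System.out.println("Served SHA-256:   " + fingerprint(served));
            System.out.println("Match: " + fingerprint(served).equals(fingerprint(imported))
                    + ", HTTP " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            System.err.println("Handshake failed (untrusted cert or hostname mismatch): " + e.getMessage());
            System.exit(2);
        } finally { conn.disconnect(); }
    }
}
```

The four arguments (URL, path to cacerts, alias, keystore password) are optional and positional.  A certificate exported after clicking through a browser warning has not been authenticated, so compare the printed fingerprint with one obtained from the website administrator.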