Trust a self-signed certificate with a Java HttpsURLConnection

Use this approach when creating a custom SSLSocketFactory or modifying the application in any other way is not an option.

This example uses a Tomcat server listening for HTTPS connections on port 8443, but it should work anywhere.

Retrieve the server certificate (it carries the public key):

$ openssl s_client -connect localhost:8443

Then create a file localhost.pem containing the certificate block from the output. It looks like this:

-----BEGIN CERTIFICATE-----
lklkkkllklklklklllkllklkl
lklkkkllklklklklllkllklkl
lklkkkllklk
-----END CERTIFICATE-----

Import the certificate:

# keytool -import -alias localhost-selfsigned -keystore $JAVA_HOME/jre/lib/security/cacerts -file localhost.pem

When prompted for the password, enter changeit (the default cacerts password).

Restart JVM / Application server instance.
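The steps above as a script, added here as an example and not code from the original post: it pulls the certificate block out of the s_client output instead of copying it by hand, and prints a SHA-256 fingerprint so the file can be compared with the certificate on the server before it is trusted. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted version of the manual steps. Function names are
# hypothetical; host, port, alias and paths mirror the article.

# Keep only the first PEM certificate block from s_client output on stdin.
extract_first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ && !done {p = 1}
         p {print}
         /-----END CERTIFICATE-----/ && p {p = 0; done = 1}'
}

# Fetch the server certificate into a PEM file: fetch_cert host port outfile
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
        | extract_first_cert > "$3"
}

# Print the SHA-256 fingerprint; compare it with one taken on the server itself.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Import into a keystore: import_cert alias pemfile keystore
import_cert() {
    keytool -import -alias "$1" -keystore "$3" -file "$2"
}

# Constructed s_client output for offline testing (body is not a real certificate).
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODYNOTAREALCERTIFICATE
-----END CERTIFICATE-----
subject=CN = localhost
---
EOF
}

# Typical use, mirroring the article:
#   fetch_cert localhost 8443 localhost.pem
#   fingerprint localhost.pem
#   import_cert localhost-selfsigned localhost.pem "$JAVA_HOME/jre/lib/security/cacerts"
```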

References: http://stackoverflow.com/questions/859111/how-do-i-accept-a-self-signed-certificate-with-a-java-httpsurlconnection
