How to import a .cer certificate into a java keystore?
- If you want to authenticate you need the private key - there is no other option.
- A certificate is a public key with extra properties (like company name, country,...) that is signed by some Certificate authority that guarantees that the attached properties are true.
.CER
files are certificates and don't have the private key. The private key is provided with a.PFX keystore
file normally.
If you really authenticate is because you already had imported the private key.You normally can import
.CER
certificates without any problems withkeytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
Accept server's self-signed ssl certificate in Java client
You have basically two options here: add the self-signed certificate to your JVM truststore or configure your client to
Option 1
Export the certificate from your browser and import it in your JVM truststore (to establish a chain of trust):
<JAVA_HOME>\bin\keytool -import -v -trustcacerts
-alias server-alias -file server.cer
-keystore cacerts.jks -keypass changeit
-storepass changeit
Option 2
Disable Certificate Validation (code from Example Depot):
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
}
// Now you can access an https URL without having the certificate in the truststore
try {
URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {
}
Note that I do not recommend the Option #2 at all. Disabling the trust manager defeats some parts of SSL and makes you vulnerable to man in the middle attacks. Prefer Option #1 or, even better, have the server use a "real" certificate signed by a well known CA.
Related Topics
How to Change Jdk Version for an Eclipse Project
Which Cipher Suites to Enable for Ssl Socket
How to Add Jradiobutton to Group in Jtable
Hibernate Opensession() VS Getcurrentsession()
When Should One Use Final for Method Parameters and Local Variables
Why Is "Extends T" Allowed But Not "Implements T"
What Is the "Owning Side" in an Orm Mapping
Java Time-Based Map/Cache with Expiring Keys
Arithmeticexception: "Non-Terminating Decimal Expansion; No Exact Representable Decimal Result"
Why am I Getting Inputmismatchexception
Eclipse 2021-09 Code Completion Not Showing All Methods and Classes
Handling Passwords Used for Auth in Source Code
Overload with Different Return Type in Java
Does the Jvm Prevent Tail Call Optimizations