Connecting to an untrusted certificate in java

Reposted from here

I was getting errors(unable to find valid certification path to requested target) in Alfresco trying to connect to LDAP over ssl using an untrusted certificate and found a great hint on the interwebs that I thought I’d share.

Most of the hits on google mention this post: https://blogs.sun.com/gc/entry/unable_to_find_valid_certification

My only criticism of that article is that it only minimally addresses how to actually use the fixed keystore. I downloaded their source and hacked it up a little change the name of the certificate store from “jssecacerts” into “cacert” which is the default certificate store for all java programs. My goal was to fix the certificate store for the entire machine.

To install an untrusted certificate into your keystore the process is like this:

# Download attached java source to machine

$ javac InstallCert.java

# Backup the current castore

$ sudo cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/cacerts.bak

$ sudo mv $JAVA_HOME/jre/lib/security/cacerts .

$ sudo java InstallCert <HOST>:<PORT>

# Program is really straight forward

# You can check that it worked by running the same program again, it will tell you if it’s already installed

# You can check the count of the number of certificates before and after running this:

# $ keytool -list -keystore cacerts

$ sudo mv cacerts $JAVA_HOME/jre/lib/security/

# Now just restart your JVM (Alfresco) and it should be able to reach the previously unreachable URL.

Connecting to an untrusted certificate in java

Pin It on Pinterest

Sharing is caring