A client provided me with an HTTPS URL for a service call. I need to make a request to that URL. I know that if the certificate of that URL is from a common provider, chances are that it's already available in the default Java truststore cacerts.
However, I am unsure how to check whether I need to import the certificate or not. How can I check whether a certificate from a website is already in the default Java truststore \jre1.8\lib\security\cacerts?
Java comes bundled with the default keystore called “cacerts”. This keystore is pre-populated with many well-known root CAs. This means that any TLS call to a server whose certificate was issued by a well-known CA will be trusted.
The initial password of the cacerts keystore file is changeit. System administrators should change that password and the default access permission of that file when installing the SDK. Important: Verify your cacerts file.
You can inspect (list) certificates in your cacerts keystore using the Java keytool.
keytool -list -v -keystore /path/to/cacerts
keytool has to be in your path, or can be found in the bin directory of your Java Installation (e.g. C:/Program Files (x86)/Java/jre1.8/bin/keytool.exe).
Just try to connect to it with URL and HttpsURLConnection, going at least as far as getting the response code, and no fancy trust managers or anything. If it's trusted, you won't have a problem.
Your terminology is astray. All certificates are public. If it's a CA-signed certificate, signed by a CA whose certificate is in cacerts, you don't need to import it.
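The connection test described in the answer above, as an added example (not code from the original answers): it makes a plain HttpsURLConnection request with the JVM's default trust managers and, if the handshake succeeds, prints which default trust anchor matches the issuer of the last certificate the server sent. The class name TrustCheck and the URL passed on the command line are assumptions.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustCheck {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustCheck https://host/path");
            System.exit(2);
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(10_000);
        try {
            // The TLS handshake runs here, validated by the default trust managers.
            // Any HTTP status (even 401 or 500) means the certificate chain was accepted.
            System.out.println("HTTP " + conn.getResponseCode() + ": chain is trusted");
        } catch (SSLHandshakeException e) {
            System.out.println("Not trusted by the default truststore: " + e.getMessage());
            System.exit(1);
        }
        // Assumes the server sent its chain in order, leaf first.
        Certificate[] chain = conn.getServerCertificates();
        X509Certificate top = (X509Certificate) chain[chain.length - 1];

        // init(null) loads the default truststore (cacerts unless overridden
        // with -Djavax.net.ssl.trustStore).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                // Match by name only; the handshake above already verified signatures.
                boolean isAnchor = ca.equals(top)
                        || ca.getSubjectX500Principal().equals(top.getIssuerX500Principal());
                if (isAnchor) System.out.println("Trust anchor: " + ca.getSubjectX500Principal());
            }
        }
        conn.disconnect();
    }
}
```

Exit code 1 means the certificate or its issuing CA would have to be imported before the default JVM configuration accepts the connection.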