Adding CACert to the Java Trusted Store
http://www.cacert.org/ is a great way to easily create free SSL certificates for development work. To connect successfully from a Java program over SSL to a server carrying a certificate issued by CACert, you need to “bless” the certificate, that is, make it trusted by your local Java JRE installation.
Let’s first make sure we are in the lib/security subdirectory of the currently running JRE:
> cd $JDK_HOME\jre\lib\security
Then, download the certificate file to your local computer:
$JDK_HOME\jre\lib\security> wget http://www.cacert.org/certs/root.crt
--2010-03-16 09:24:40-- http://www.cacert.org/certs/root.crt
Resolving http://www.cacert.org... 213.154.225.245
Connecting to http://www.cacert.org|213.154.225.245|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2569 (2.5K) [application/x-x509-ca-cert]
Saving to: `root.crt'
100%[======================================>] 2,569 15.4K/s in 0.2s
2010-03-16 09:24:41 (15.4 KB/s) - `root.crt' saved [2569/2569]
Now let’s import the certificate into the JRE keystore (note the password of the default JRE keystore — it’s different on different platforms):
$JDK_HOME\jre\lib\security> keytool -import -keystore cacerts -storepass changeit -alias cacert-root1 -trustcacerts -file root.crt
Owner: EMAILADDRESS=support@cacert.org, CN=CA Cert Signing Authority, OU=http://www.cacert.org, O=Root CA
Issuer: EMAILADDRESS=support@cacert.org, CN=CA Cert Signing Authority, OU=http://www.cacert.org, O=Root CA
Serial number: 0
Valid from: Sun Mar 30 04:29:49 PST 2003 until: Tue Mar 29 05:29:49 PDT 2033
Certificate fingerprints:
    MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
    SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
Trust this certificate? [no]: yes
Certificate was added to keystore
Now you are ready to start sending Java SSL requests to your server.
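The certificate above was fetched over plain HTTP, so the fingerprint shown at the "Trust this certificate?" prompt is the only check on what ends up trusted. As an added example (not part of the original post), this Java program performs the same import but refuses to proceed unless the SHA-1 fingerprint matches the one in the keytool output above; the class name and the argument order are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ImportPinnedRoot {
    // SHA1 fingerprint copied from the keytool output on this page.
    // Confirm it against a source you already trust before relying on it.
    static final String EXPECTED_SHA1 =
        "13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33";

    // Hash the DER encoding and format it the way keytool prints fingerprints.
    static String fingerprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // Usage (assumed): java ImportPinnedRoot root.crt <path to cacerts> <store password>
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                                                       .generateCertificate(in);
        }
        String actual = fingerprint(cert, "SHA-1");
        if (!actual.equalsIgnoreCase(EXPECTED_SHA1)) {
            throw new SecurityException("Fingerprint mismatch, not importing: " + actual);
        }
        cert.checkValidity(); // reject an expired or not-yet-valid root

        char[] password = args[2].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            ks.load(in, password); // a wrong password fails here, before any write
        }
        ks.setCertificateEntry("cacert-root1", cert); // same alias as the keytool command
        try (OutputStream out = new FileOutputStream(args[1])) {
            ks.store(out, password);
        }
        System.out.println("Imported " + cert.getSubjectX500Principal() + " as cacert-root1");
    }
}
```

Running it against a copy of cacerts first leaves the JRE's own trust store untouched until the result has been checked with keytool -list.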