
April 3, 2011

Java: Ignore/Trust an invalid SSL cert for https communication

Every once in a while you will need your Java app to talk to a pre-prod server (web service) over HTTPS, but the server's SSL cert is invalid, expired, or self-signed.

You may get an error that looks like




You can add code to your app to ignore it, or you can ask Java to ignore that server's bad cert. The following is how I get Java to ignore that invalid cert.

How to Ignore/Trust a Single Cert

WINDOWS
"%JAVA_HOME%\bin\keytool" -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -alias abc-dev -file abc-dev.cer

MAC
sudo $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/lib/security/cacerts -alias abc-dev -file abc-dev.cer

CentOS/Linux
sudo $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -alias abc-dev -file abc-dev.cer


How To Ignore/Trust a CA root certificate
--Note: there may be multiple files for a CA cert, so run the following command for each file.

WINDOWS
"%JAVA_HOME%\bin\keytool" -import -trustcacerts -alias myCA -file myCA.cer.txt -keystore "%JAVA_HOME%\jre\lib\security\cacerts"

MAC
sudo $JAVA_HOME/bin/keytool -import -trustcacerts -alias myCA -file myCA.cer.txt -keystore $JAVA_HOME/lib/security/cacerts

CentOS/Linux
sudo $JAVA_HOME/bin/keytool -import -trustcacerts -alias myCA -file myCA.cer.txt -keystore $JAVA_HOME/jre/lib/security/cacerts
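
An added example (not code from the original post) for the "add code to your app" route mentioned earlier: rather than importing into the JRE-wide cacerts, which every Java program on that JRE then trusts, it trusts the one exported cert for a single connection and leaves hostname checking on. The class name ScopedTrust and the optional URL argument are assumptions; abc-dev.cer and the abc-dev alias are the file and alias from the commands above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrust { // hypothetical class name, not from the post
    /** Builds an SSLContext whose only trusted entry is the cert in certPath. */
    static SSLContext contextFor(String certPath, String alias) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Print the SHA-256 fingerprint so it can be compared, out of band,
        // with the value the server's owner reports before trusting it.
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            fp.append(String.format("%02X:", b));
        }
        System.out.println(alias + " SHA-256 " + fp.substring(0, fp.length() - 1));
        System.out.println("subject=" + cert.getSubjectX500Principal() + " notAfter=" + cert.getNotAfter());

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                 // empty in-memory store; cacerts is not modified
        ks.setCertificateEntry(alias, cert); // the single trusted entry
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ScopedTrust abc-dev.cer [https-url-of-the-pre-prod-server]
        SSLContext ctx = contextFor(args.length > 0 ? args[0] : "abc-dev.cer", "abc-dev");
        if (args.length > 1) {
            URI uri = URI.create(args[1]);
            if (!"https".equalsIgnoreCase(uri.getScheme())) throw new IllegalArgumentException("https URL required");
            HttpsURLConnection conn = (HttpsURLConnection) uri.toURL().openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory()); // this connection only, not the JVM default
            System.out.println("HTTP " + conn.getResponseCode());
        }
    }
}
```

The fingerprint it prints can be compared against the output of keytool -printcert -file abc-dev.cer.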

4 comments:

  1. This isn't really ignoring the cert but trusting an untrusted cert.

  2. Chris, you are correct, I updated the posting. Thanks again for the correction.

  3. To ignore invalid or self-signed SSL certificates you need a bit more of coding ;)

    If you are interested you can check here: http://ctasada.blogspot.com/2010/11/httpclient-use-self-signed-certificates.html

    Cheers.

  4. This little nugget has proven great for reference several times.
