How To: Add certificate to Java in Linux

While developing a system, you sometimes need to use an HTTPS connection to the client. However, in a staging environment HTTPS will most probably not be available, or the certificates will not be properly signed.

 

Working in Java without certificate validation

As a first step, certificate validation can be disabled in the Java code. However, this option should be used only in development mode. In production the certificate should always be verified.

This can be done in code. Sample code may look like:

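import javax.net.ssl.TrustManager;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// client, isCert, user and pass are defined elsewhere in the client class
org.apache.cxf.endpoint.Client proxy = ClientProxy.getClient(client);
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
// 30-second connection and receive timeouts
conduit.getClient().setConnectionTimeout(1000 * 30);
conduit.getClient().setReceiveTimeout(1000 * 30);
if (!isCert) {
	// Development only: replaces certificate validation with a trust-all manager
	TLSClientParameters tcp = new TLSClientParameters();
	TrustManager[] trustAllCerts = new TrustManager[] { new DefaultTrustManager() };
	tcp.setTrustManagers(trustAllCerts);
	conduit.setTlsClientParameters(tcp);
}
// HTTP basic authentication credentials
AuthorizationPolicy authorization = new AuthorizationPolicy();
authorization.setUserName(user);
authorization.setPassword(pass);
conduit.setAuthorization(authorization);
proxy.getRequestContext().put("org.apache.cxf.http.no_io_exceptions", "true");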
In client code

The class used there is:

	class DefaultTrustManager implements X509TrustManager {

		/*
		 * (non-Javadoc)
		 *
		 * @see
		 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert
		 * .X509Certificate[], java.lang.String)
		 */

		@Override
		public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
				throws java.security.cert.CertificateException {
			// Intentionally empty: every client certificate is accepted (development only)

		}
		/*
		 * (non-Javadoc)
		 *
		 * @see
		 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert
		 * .X509Certificate[], java.lang.String)
		 */

		@Override
		public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
				throws java.security.cert.CertificateException {
			// Intentionally empty: every server certificate is accepted (development only)

		}
		/*
		 * (non-Javadoc)
		 *
		 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
		 */

		@Override
		public java.security.cert.X509Certificate[] getAcceptedIssuers() {
			// The X509TrustManager contract requires a non-null (possibly empty) array
			return new java.security.cert.X509Certificate[0];
		}

	}
Fake Trust Manager

 

So in production just change isCert to true, for example using properties.

 

Add Certificate in Linux

When you have a valid certificate, just change the isCert flag to true. On Linux, your certificate has to be added to the certificates known to Java. First make sure that the certificate is in PEM format. It should look like:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Next, copy the certificate to the server, for example to the /root directory, and add it to Java:

 /opt/java/jdk/bin/keytool -importcert -trustcacerts -alias YourCertificateName -file /root/YourCertificateName.pem -keystore /opt/java/jdk/jre/lib/security/cacerts

The default password that you will be asked for is: changeit

 

If you don’t know where Java is located, you can look for it using:

whereis java

or using any other method.
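
For staging, an alternative to both the trust-all DefaultTrustManager and the JDK-wide cacerts file is to trust only the PEM certificate itself. The following is an added example, not code from the original post; the class name PinnedTrust and its methods are hypothetical, and it assumes the same CXF HTTPConduit as the client code above.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper (not from the original post): trusts only the
// certificates found in one PEM file instead of trusting everything.
public final class PinnedTrust {

    private PinnedTrust() { }

    /** Builds trust managers backed by an in-memory keystore holding the PEM's certificates. */
    public static TrustManager[] fromPem(String pemPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start empty: no JDK default CAs

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            int i = 0;
            // A PEM file may hold a chain; add every certificate in it.
            for (Certificate cert : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("pinned-" + i++, cert);
            }
            if (i == 0) {
                throw new IllegalArgumentException("No certificate found in " + pemPath);
            }
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    /** Applies the pinned trust managers to a CXF conduit; hostname checks stay enabled. */
    public static void apply(HTTPConduit conduit, String pemPath) throws Exception {
        TLSClientParameters tcp = new TLSClientParameters();
        tcp.setTrustManagers(fromPem(pemPath));
        conduit.setTlsClientParameters(tcp);
    }
}
```

With this in place, a call such as PinnedTrust.apply(conduit, "/root/YourCertificateName.pem") can replace the if (!isCert) branch, so the certificate chain is still validated in staging.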

 

Remember to always use trusted certificates in the production environment.

 

 

 
