Skip to content

Instantly share code, notes, and snippets.

@eric
Last active December 21, 2015 20:39
Show Gist options
  • Save eric/6363123 to your computer and use it in GitHub Desktop.
Save eric/6363123 to your computer and use it in GitHub Desktop.
Steps to get Sentry working over SSL on the JVM

Sentry and the JVM

Unfortunately Java's built-in cacerts do not include StartCom SSL root certificates.

Because of this, you must tell java to trust these certificates.

The easiest way I've found to do it is as follows:

1. Make a copy of the JRE cacerts

$ cp /usr/java/jdk1.7.0_25/jre/lib/security/cacerts ~

2. Download the StartCom SSL certificates

$ wget https://www.startssl.com/certs/ca.crt
$ wget https://www.startssl.com/certs/sub.class1.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class2.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class3.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class4.server.ca.crt

3. Import all of the certificates

The default password for the cacerts store is changeit.

$ keytool -import -storepass changeit -keystore cacerts -file ca.crt -alias startcomca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class1.server.ca.crt -alias startcomclass1ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class2.server.ca.crt -alias startcomclass2ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class3.server.ca.crt -alias startcomclass3ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class4.server.ca.crt -alias startcomclass4ca

4. Put the certificate in resources directory

$ cp ~/cacerts src/main/resources/

5. Load the trust store

In your code, load the trust store:

  TrustStoreLoader.load("/cacerts", "changeit")

Thanks

Thanks to http://stackoverflow.com/a/10077862/312322 for the sample code for loading a new trust store.

package ssl
import javax.net.ssl.{SSLContext, TrustManagerFactory}
import java.security.KeyStore
// For java version see:
// http://stackoverflow.com/a/10077862/312322
object TrustStoreLoader {
def load(path: String, password: String) {
val keystore = KeyStore.getInstance(KeyStore.getDefaultType())
val keystoreStream = this.getClass.getResourceAsStream(path)
keystore.load(keystoreStream, password.toCharArray())
val trustManagerFactory = TrustManagerFactory.getInstance("X509")
trustManagerFactory.init(keystore)
val trustManagers = trustManagerFactory.getTrustManagers()
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustManagers, null)
SSLContext.setDefault(sslContext)
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment