Create a gist now

Instantly share code, notes, and snippets.

Test of java SSL / keystore / cert setup. Check the commet #1 for howto.
/** Establish a SSL connection to a host and port, writes a byte and
* prints the response. See
public class SSLPoke {
public static void main(String[] args) {
if (args.length != 2) {
System.out.println("Usage: "+SSLPoke.class.getName()+" <host> <port>");
try {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));
InputStream in = sslsocket.getInputStream();
OutputStream out = sslsocket.getOutputStream();
// Write a test byte to get a reaction :)
while (in.available() > 0) {
System.out.println("Successfully connected");
} catch (Exception exception) {
4ndrej commented Jan 16, 2013

Test of java SSL / keystore / cert setup. Came from


  1. extract cert from server:
    openssl s_client -connect server:443
  2. negative test cert / keytool:
    java SSLPoke server 443
    you should get something like PKIX path building failed: unable to find valid certification path to requested target
  3. import cert into default keytool:
    keytool -import -alias -keystore $JAVA_HOME/jre/lib/security/cacerts
  4. positive test cert / keytool:
    java SSLPoke server 443
    you should get this:
    Successfully connected
jdros commented May 21, 2015

Thanks! Helped us to debug a cert issue.


Doesn't seems work as I thought it should work. it doesn't check if the server certificate is matching with the parameter.


java SSLPoke ip.address.of.sslserver 443
Successfully connected

So it doesn't really check the certificate?

bekce commented Nov 5, 2015

@jackchen858 +1 It does not


It did not work for me.

I always get Successfully connected msg

janeklb commented Jan 12, 2016

Make sure you run this with the right java in case you have multiple installations


Works brilliantly. Thanks

smeduru commented May 11, 2016

Thanks a lot. Followed your instructions. Fix worked perfectly.

dadez commented Nov 29, 2016

How to use it behind a proxy ?

joerg commented Jan 19, 2017

For those not living in the Java World here is how I compiled and used this:

  • Copy code to somewhere
  • Call Java compiler /usr/java/jdk1.6.0_45/bin/javac /tmp/ (use your version of Java here)
  • Call tool with ClassPath (-cp) that you copied the file to: /usr/java/jdk1.6.0_45/bin/java -cp /tmp SSLPoke 443

Very useful thanks.

A note however, instead of updating the java JRE/JDK installation's keystore, best practices dictates that you should define your own truststore (if you have company CA or application certificates for example):

# import certificate into your local TrustStore
keytool -import -trustcacerts -storepass changeit -file "./class 1 root ca.cer" -alias C1_ROOT_CA -keystore ./LocalTrustStore
# use it in JAVA:
java -jar SSLPoke.jar $HOST $PORT
jmara commented Feb 27, 2017

Will the default trustStore be overwritten by or is the new trustStore an addition to the default one? @Tzaphkiel

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment