@laurentpetit
Created July 5, 2011 19:03
Make an SSL certificate visible to your app
Since the server is using https, we need to:
1/ obtain the certificate from the server,
2/ add this certificate to java's default trusted store
3/ restart the server
1/ obtain the certificate from the server
Here's a recipe that can be used when you're stuck with the command-line, as is generally the case if you're configuring a server:
* Create the following file to help you get the certificate, let's name it `retrieve-cert.sh`:
#!/bin/sh
#
# usage: retrieve-cert.sh remote.host.name [port]
#
REMHOST=$1
REMPORT=${2:-443}
# Open a TLS connection (the empty echo closes stdin so s_client exits at once),
# then keep only the PEM certificate block the server presented.
echo |\
openssl s_client -connect "${REMHOST}:${REMPORT}" 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
* Call the file with the IP of the server (let's say it's 10.235.246.123 for the example), the port (generally 443 for https), and send the output to some file, let's name it server.pem:
sh retrieve-cert.sh 10.235.246.123 443 > server.pem
2/ add this certificate to java's default trusted store
* each Java Development Kit installation (whose home directory is generally known as `${JAVA_HOME}`) has a default certificate trusted store, located in `${JAVA_HOME}/security/cacerts`
* and by default a JVM when started will load all the certificates present in this trusted store
* so you'll just type the following command, which will add the server's certificate located in file `server.pem` to this default trusted store:
JAVA_HOME=/path/to/your/java/home # e.g. for ubuntu it'll be /etc/java-6-sun
CERTIFICATE_ALIAS="some-alias-for-your-certificate-inside-the-trusted-store"
sudo "${JAVA_HOME}/bin/keytool" -import -alias "${CERTIFICATE_ALIAS}" -keystore "${JAVA_HOME}/security/cacerts" -file server.pem
* the default password for the JDK's cacert keystore is `changeit`
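An added example (not part of the original gist) covering the check a practitioner wants between step 1 and step 2: retrieve-cert.sh trusts whatever certificate the network returned, so before importing server.pem compare its subject and SHA-256 fingerprint with a value obtained out of band. It goes slightly beyond the gist with import_cert, which imports into a per-application truststore instead of the JDK-wide cacerts; the demo uses a constructed self-signed certificate in place of the remote server, and all file names and the example.internal name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original gist. Assumes only OpenSSL (plus
# keytool for import_cert) on the PATH; no network access is needed.

# Keep only the PEM certificate block from captured s_client output,
# the same filter the gist's retrieve-cert.sh applies.
extract_cert() {
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Show who the certificate claims to be and when it expires.
describe_cert() {
  openssl x509 -in "$1" -noout -subject -enddate
}

# SHA-256 fingerprint of a PEM certificate: lowercase hex, no colons.
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 \
    | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Compare the retrieved certificate with a fingerprint obtained out of band
# (e.g. from the server's administrator); succeed only on an exact match.
verify_pinned() {
  [ "$(cert_sha256 "$1")" = "$2" ]
}

# Import into a dedicated truststore instead of the JDK-wide cacerts, so only
# the application started with -Djavax.net.ssl.trustStore=<file> trusts it.
# Arguments: pem-file alias keystore-file keystore-password.
import_cert() {
  keytool -importcert -noprompt -alias "$2" -file "$1" \
    -keystore "$3" -storepass "$4"
}

# Demonstration: a constructed, locally generated self-signed certificate
# stands in for the remote server; its fingerprint plays the out-of-band value.
demo() {
  work=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.internal" \
    -keyout "$work/key.pem" -out "$work/expected.pem" 2>/dev/null
  # Constructed s_client-style chatter around the certificate.
  { echo "CONNECTED(00000003)"; cat "$work/expected.pem"; echo "---"; } \
    | extract_cert > "$work/server.pem"
  describe_cert "$work/server.pem"
  verify_pinned "$work/server.pem" "$(cert_sha256 "$work/expected.pem")"
}

demo
```

Only once verify_pinned succeeds should server.pem be fed to keytool, whether into cacerts as in step 2 or into a per-application truststore with import_cert.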