@eric
Last active December 21, 2015 20:39
Steps to get Sentry working over SSL on the JVM

Sentry and the JVM

Unfortunately, Java's built-in cacerts trust store does not include the StartCom SSL root certificates.

Because of this, you must tell Java to trust these certificates.

The easiest way I've found to do this is as follows:

1. Make a copy of the JRE cacerts trust store

$ cp /usr/java/jdk1.7.0_25/jre/lib/security/cacerts ~

2. Download the StartCom SSL certificates

$ wget https://www.startssl.com/certs/ca.crt
$ wget https://www.startssl.com/certs/sub.class1.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class2.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class3.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class4.server.ca.crt

3. Import all of the certificates

The default password for the cacerts store is changeit.

$ keytool -import -storepass changeit -keystore cacerts -file ca.crt -alias startcomca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class1.server.ca.crt -alias startcomclass1ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class2.server.ca.crt -alias startcomclass2ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class3.server.ca.crt -alias startcomclass3ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class4.server.ca.crt -alias startcomclass4ca

4. Put the trust store in the resources directory

$ cp ~/cacerts src/main/resources/

5. Load the trust store

In your code, load the trust store:

  TrustStoreLoader.load("/cacerts", "changeit")

Thanks

Thanks to http://stackoverflow.com/a/10077862/312322 for the sample code for loading a new trust store.

package ssl

import java.io.InputStream
import java.security.KeyStore
import javax.net.ssl.{SSLContext, TrustManagerFactory}

// For the Java version see:
// http://stackoverflow.com/a/10077862/312322
object TrustStoreLoader {
  // Loads a trust store bundled on the classpath (e.g. /cacerts copied into
  // src/main/resources) and installs it as the JVM-wide default SSLContext.
  def load(path: String, password: String): Unit = {
    val keystoreStream: InputStream = this.getClass.getResourceAsStream(path)
    // getResourceAsStream returns null when the resource is missing; fail with a
    // clear message instead of a NullPointerException from KeyStore.load
    if (keystoreStream == null)
      throw new IllegalArgumentException(s"trust store not found on classpath: $path")
    val keystore = KeyStore.getInstance(KeyStore.getDefaultType())
    try keystore.load(keystoreStream, password.toCharArray()) finally keystoreStream.close()
    val trustManagerFactory = TrustManagerFactory.getInstance("X509")
    trustManagerFactory.init(keystore)
    val trustManagers = trustManagerFactory.getTrustManagers()
    // "SSL" is a legacy JSSE alias; "TLS" names the same context family and
    // states the intent. No key managers or custom SecureRandom are needed here.
    val sslContext = SSLContext.getInstance("TLS")
    sslContext.init(null, trustManagers, null)
    SSLContext.setDefault(sslContext)
  }
}
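As an added check that is not part of the gist: before shipping the copied cacerts in your resources, confirm it actually contains the five StartCom aliases imported above and print each certificate's subject, expiry and SHA-256 fingerprint so they can be compared against the fingerprints StartCom publishes. TrustStoreAudit, its alias list and the audit/hex helper names are this example's own assumptions; it reads the same /cacerts resource and changeit password as the steps above.

```scala
package ssl

import java.io.InputStream
import java.security.{KeyStore, MessageDigest}
import java.security.cert.X509Certificate
import scala.collection.JavaConverters._

// Hypothetical helper (not from the original gist): audits the bundled trust
// store so a missing StartCom alias fails the build and the operator can
// compare fingerprints against an independently obtained published value.
object TrustStoreAudit {
  // Aliases chosen in step 3 of the procedure above
  val RequiredAliases = Seq("startcomca", "startcomclass1ca", "startcomclass2ca",
                            "startcomclass3ca", "startcomclass4ca")

  private def hex(bytes: Array[Byte]): String =
    bytes.map(b => f"${b & 0xff}%02x").mkString(":")

  // Returns (alias, subject DN, SHA-256 fingerprint, notAfter) for every trusted
  // certificate entry; throws if the store or any required alias is absent.
  def audit(path: String, password: String): Seq[(String, String, String, java.util.Date)] = {
    val stream: InputStream = getClass.getResourceAsStream(path)
    require(stream != null, s"trust store not found on classpath: $path")
    val ks = KeyStore.getInstance(KeyStore.getDefaultType)
    try ks.load(stream, password.toCharArray) finally stream.close()

    val aliases = ks.aliases.asScala.toSeq
    val missing = RequiredAliases.filterNot(aliases.contains)
    require(missing.isEmpty, s"trust store is missing aliases: ${missing.mkString(", ")}")

    aliases.filter(ks.isCertificateEntry).map { alias =>
      val cert = ks.getCertificate(alias).asInstanceOf[X509Certificate]
      // Fingerprint over the DER encoding, the same value keytool -list -v prints
      val fp = hex(MessageDigest.getInstance("SHA-256").digest(cert.getEncoded))
      (alias, cert.getSubjectX500Principal.getName, fp, cert.getNotAfter)
    }
  }

  def main(args: Array[String]): Unit =
    audit("/cacerts", "changeit").foreach { case (alias, subject, fp, notAfter) =>
      println(s"$alias  $subject  expires=$notAfter\n    sha256=$fp")
    }
}
```

Run it once as part of the build; a `require` failure means the copied cacerts is not the one you imported into.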