eric/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Sentry and the JVM

Unfortunately Java's built-in cacerts do not include StartCom SSL root certificates.
Because of this, you must tell java to trust these certificates.
The easiest way I've found to do it is as follows:
1. Make a copy of the JRE cacerts

$ cp /usr/java/jdk1.7.0_25/jre/lib/security/cacerts ~

2. Download the StartCom SSL certificates

$ wget https://www.startssl.com/certs/ca.crt
$ wget https://www.startssl.com/certs/sub.class1.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class2.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class3.server.ca.crt
$ wget https://www.startssl.com/certs/sub.class4.server.ca.crt

3. Import all of the certificates

The default password for the cacerts store is changeit.
$ keytool -import -storepass changeit -keystore cacerts -file ca.crt -alias startcomca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class1.server.ca.crt -alias startcomclass1ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class2.server.ca.crt -alias startcomclass2ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class3.server.ca.crt -alias startcomclass3ca
$ keytool -import -storepass changeit -keystore cacerts -file sub.class4.server.ca.crt -alias startcomclass4ca

4. Put the certificate in resources directory

$ cp ~/cacerts src/main/resources/

5. Load the trust store

In your code, load the trust store:
  TrustStoreLoader.load("/cacerts", "changeit")
Thanks

Thanks to http://stackoverflow.com/a/10077862/312322 for the sample code for loading a new trust store.

  
## TrustStoreLoader.scala
package ssl

import javax.net.ssl.{SSLContext, TrustManagerFactory}
import java.security.KeyStore

// For java version see:
// http://stackoverflow.com/a/10077862/312322
object TrustStoreLoader {
  def load(path: String, password: String) {
    val keystore = KeyStore.getInstance(KeyStore.getDefaultType())

    val keystoreStream = this.getClass.getResourceAsStream(path)
    keystore.load(keystoreStream, password.toCharArray())

    val trustManagerFactory = TrustManagerFactory.getInstance("X509")
    trustManagerFactory.init(keystore)

    val trustManagers = trustManagerFactory.getTrustManagers()
    val sslContext = SSLContext.getInstance("SSL")
    sslContext.init(null, trustManagers, null)
    SSLContext.setDefault(sslContext)
  }
}
	package ssl

	import javax.net.ssl.{SSLContext, TrustManagerFactory}
	import java.security.KeyStore

	// For java version see:
	// http://stackoverflow.com/a/10077862/312322
	object TrustStoreLoader {
	def load(path: String, password: String) {
	val keystore = KeyStore.getInstance(KeyStore.getDefaultType())

	val keystoreStream = this.getClass.getResourceAsStream(path)
	keystore.load(keystoreStream, password.toCharArray())

	val trustManagerFactory = TrustManagerFactory.getInstance("X509")
	trustManagerFactory.init(keystore)

	val trustManagers = trustManagerFactory.getTrustManagers()
	val sslContext = SSLContext.getInstance("SSL")
	sslContext.init(null, trustManagers, null)
	SSLContext.setDefault(sslContext)
	}
	}