- get the certificate of http service using any method
- load this certificate into your jdk cacert (usually /foo/jdk_home/jre/lib/security/cacerts)
- point your java code to this cacert
System.setProperty("javax.net.ssl.trustStore", "/foo/jdk_home/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
-
sometimes is hard to get the certificate. In this case you could use openssl to extract the certificate from the url or ip:port :
-
the extracted certificate cannot be directly loaded into the jdk cacert. In this case if you have the certificate type A but the cacert needs a type B, you need to converted them
https://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore
# linux
keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
# windows
keytool -importcert -file D:\foo\bar\acme.cer -keystore C:\foo\bar\openjdk-xyz\jre\lib\security\cacerts -alias "acme service"