@laurentpetit /gist:e3b6d07cbc8b26373deb secret
Make an SSL certificate visible to your app
Since the server is using https, we need to:
1/ obtain the certificate from the server,
2/ add this certificate to Java's default trusted store
3/ restart the server
1/ obtain the certificate from the server
Here's a recipe that can be used when you're stuck with the command line, as is generally the case if you're configuring a server:
* Create the following file to help you get the certificate, let's name it `retrieve-cert.sh`:
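```sh
#!/bin/sh
#
# usage: retrieve-cert.sh remote.host.name [port]
#
# Prints the PEM certificate presented by the server. The connection is not
# authenticated, so verify the result before trusting it.
REMHOST=${1:?"usage: retrieve-cert.sh remote.host.name [port]"}
REMPORT=${2:-443}

# Empty stdin makes s_client exit after the handshake; sed keeps only the PEM block.
echo |
openssl s_client -connect "${REMHOST}:${REMPORT}" 2>&1 |
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
```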
* Call the file with the IP of the server (let's say it's 10.235.246.123 for the example), the port (generally 443 for https), and send the output to some file, let's name it server.pem:
```sh
sh retrieve-cert.sh 10.235.246.123 443 > server.pem
```
2/ add this certificate to Java's default trusted store
* each Java Development Kit installation (whose home directory is generally known as `${JAVA_HOME}`) has a default certificate trusted store, located in `${JAVA_HOME}/security/cacerts`
* and by default a JVM when started will load all the certificates present in this trusted store
* so you'll just type the following command, which will add the server's certificate located in file `server.pem` to this default trusted store:
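```sh
JAVA_HOME=/path/to/your/java/home # e.g. for ubuntu it'll be /etc/java-6-sun
CERTIFICATE_ALIAS="some-alias-for-your-certificate-inside-the-trusted-store"
# Adjust the -keystore path if your JDK keeps cacerts elsewhere (e.g. lib/security/cacerts under the JDK home).
# keytool prompts for the keystore password and shows the certificate before asking whether to trust it.
sudo "${JAVA_HOME}/bin/keytool" -import -alias "${CERTIFICATE_ALIAS}" -keystore "${JAVA_HOME}/security/cacerts" -file server.pem
```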
* the default password for the JDK's cacert keystore is `changeit`
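
The retrieval in step 1 accepts whatever certificate the connection presents, so `server.pem` should be checked before step 2 makes it trusted by every JVM using that store. The following is an added example, not part of the original gist: it succeeds only if the file holds exactly one unexpired certificate whose SHA-256 fingerprint matches a value obtained out of band (for instance from the server's administrator). The script name `verify-cert.sh` and the function names are assumptions.

```shell
#!/bin/sh
# usage: verify-cert.sh server.pem EXPECTED_SHA256_FINGERPRINT
# (hypothetical helper; run it between step 1 and step 2)

# Normalise a fingerprint: drop colons and spaces, upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint of the first certificate in PEM file $1.
cert_fingerprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    normalize_fp "${fp#*=}"
}

# Succeed only if $1 holds exactly one certificate, it has not expired,
# and its fingerprint equals $2.
verify_cert() {
    pem=$1
    expected=$(normalize_fp "$2")
    # openssl x509 reads only the first PEM block, so reject files with more:
    # otherwise one certificate would be checked while others ride along.
    count=$(grep -c -e '-BEGIN CERTIFICATE-' "$pem") || count=0
    [ "$count" -eq 1 ] ||
        { echo "expected 1 certificate, found $count" >&2; return 1; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    actual=$(cert_fingerprint "$pem") || return 1
    [ "$actual" = "$expected" ] ||
        { echo "fingerprint mismatch: got $actual" >&2; return 1; }
    # Show what is about to be trusted.
    openssl x509 -in "$pem" -noout -subject -issuer -enddate
}

# Run the check when called as: sh verify-cert.sh server.pem FINGERPRINT
if [ "$#" -eq 2 ]; then
    verify_cert "$1" "$2"
fi
```

Chaining it as `sh verify-cert.sh server.pem "$EXPECTED" && sudo keytool ...` keeps the import from running on a mismatch.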