How to set up HTTPS communication between a server and a client in Java using a self-signed certificate
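# Keystore that will hold this app's own key pair plus the CA roots it should trust.
# Both values are expanded quoted below so paths/passwords containing spaces or
# shell metacharacters cannot break the keytool invocations.
keystore_file="my-keystore.jks"
keystore_password="changeit"

# 1. Generate the server's self-signed key pair under alias "my-app".
#    -keypass and -storepass are deliberately the same value; the subject DN and the
#    7000-day validity are the demo's choices, adjust them for a real deployment.
#    Note: passwords given as command-line arguments are visible in the process
#    list for the lifetime of the keytool run.
keytool -genkeypair -alias my-app -keystore "${keystore_file}" -keypass "${keystore_password}" -storepass "${keystore_password}" -dname "cn=my-app, ou=main, o=sof-tech.pl, l=Warszawa, st=Warszawa, c=pl" -validity 7000

# 2. Export two roots from the JDK-bundled cacerts store ("changeit" is the password
#    the JDK ships cacerts with). The $JAVA_HOME/jre/... layout is the JDK 8 one;
#    on newer JDKs the store lives under $JAVA_HOME/lib/security/cacerts.
keytool -exportcert -alias 'letsencryptisrgx1 [jdk]' -file letsencrypt.der -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit
keytool -exportcert -alias 'identrustdstx3 [jdk]' -file identrustdstx3.der -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit

# 3. Import both roots into our keystore as trusted certificate entries, keeping the
#    same aliases they had in cacerts.
keytool -importcert -trustcacerts -file letsencrypt.der -alias 'letsencryptisrgx1 [jdk]' -keystore "${keystore_file}" -storepass "${keystore_password}"
keytool -importcert -trustcacerts -file identrustdstx3.der -alias 'identrustdstx3 [jdk]' -keystore "${keystore_file}" -storepass "${keystore_password}"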
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;
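public class SSLExample {
    // BEGIN ------- ADDME

    /** Alias under which the extra root is stored in the in-memory trust store. */
    private static final String EXTRA_ROOT_ALIAS = "DSTRootCAX3";

    /** Classpath resource, resolved relative to this class, holding the extra root in DER form. */
    private static final String EXTRA_ROOT_RESOURCE = "DSTRootCAX3.der";

    /**
     * Password of the JDK-shipped {@code cacerts} store. "changeit" is the value the JDK
     * ships with; it only guards the store's integrity check, no private key lives in it.
     */
    private static final String CACERTS_PASSWORD = "changeit";

    /**
     * Run with {@code -Dsslexample.printTrustAnchors=true} to list every trust anchor after
     * the extra root has been added. Off by default, which matches the original
     * {@code if (false)} toggle.
     */
    private static final boolean PRINT_TRUST_ANCHORS =
            Boolean.getBoolean("sslexample.printTrustAnchors");

    /*
     * Builds a trust store consisting of the JDK cacerts plus one extra root and installs
     * it as the JVM-wide default SSLContext. Runs once, when the class is first used, so
     * every later TLS connection in this process that relies on the default context
     * validates against it. NOTE(review): this replaces the default trust for the whole
     * JVM; the javax.net.ssl.trustStore* system properties are not consulted by this code.
     */
    static {
        try {
            KeyStore trustStore = loadJdkCacerts();
            addExtraRoot(trustStore);
            if (PRINT_TRUST_ANCHORS) {
                printTrustAnchors(trustStore);
            }
            installAsDefault(trustStore);
        } catch (GeneralSecurityException | IOException e) {
            // A static initializer cannot throw checked exceptions; the JVM surfaces
            // this as an ExceptionInInitializerError with the cause attached.
            throw new IllegalStateException("Failed to set up the custom trust store", e);
        }
    }

    /**
     * Reads {@code $java.home/lib/security/cacerts} into a fresh KeyStore of the default type.
     *
     * @return the loaded store, still unmodified
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the store type is unavailable or the content is invalid
     */
    private static KeyStore loadJdkCacerts() throws GeneralSecurityException, IOException {
        Path cacerts = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources: the original never closed this stream.
        try (InputStream in = Files.newInputStream(cacerts)) {
            keyStore.load(in, CACERTS_PASSWORD.toCharArray());
        }
        return keyStore;
    }

    /**
     * Parses the bundled DER certificate and adds it to {@code keyStore} as a trusted entry.
     *
     * @param keyStore the store to extend, modified in place
     * @throws IllegalStateException if the resource is missing from the classpath (the original
     *     failed with a NullPointerException inside BufferedInputStream in that case)
     * @throws GeneralSecurityException if the bytes are not a parseable X.509 certificate
     * @throws IOException if the resource cannot be read or closed
     */
    private static void addExtraRoot(KeyStore keyStore) throws GeneralSecurityException, IOException {
        InputStream raw = SSLExample.class.getResourceAsStream(EXTRA_ROOT_RESOURCE);
        if (raw == null) {
            throw new IllegalStateException("Missing classpath resource " + EXTRA_ROOT_RESOURCE
                    + " next to " + SSLExample.class.getName());
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream caInput = new BufferedInputStream(raw)) {
            Certificate crt = cf.generateCertificate(caInput);
            // getSubjectX500Principal() replaces the deprecated getSubjectDN().
            System.out.println("Added Cert for " + ((X509Certificate) crt).getSubjectX500Principal());
            keyStore.setCertificateEntry(EXTRA_ROOT_ALIAS, crt);
        }
    }

    /**
     * Prints the subject of every trust anchor currently in {@code keyStore}.
     *
     * @throws GeneralSecurityException if the store holds no trusted certificates
     */
    private static void printTrustAnchors(KeyStore keyStore) throws GeneralSecurityException {
        System.out.println("Truststore now trusting: ");
        PKIXParameters params = new PKIXParameters(keyStore);
        params.getTrustAnchors().stream()
                .map(TrustAnchor::getTrustedCert)
                .map(X509Certificate::getSubjectX500Principal)
                .forEach(System.out::println);
        System.out.println();
    }

    /**
     * Builds a client-side TLS context whose trust is exactly {@code keyStore} and makes it
     * the JVM default.
     *
     * @throws GeneralSecurityException if the trust manager or context cannot be created
     */
    private static void installAsDefault(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No key managers: this context never presents a client certificate.
        // Null SecureRandom: the provider picks its default.
        sslContext.init(null, tmf.getTrustManagers(), null);
        SSLContext.setDefault(sslContext);
    }
    // END ---------- ADDME

    /**
     * Probes a few public hosts so the effect of the custom trust store is visible: each
     * probe prints either the response headers or "Untrusted". The per-line comments record
     * the author's expectation for each host at the time the example was written.
     *
     * @param args ignored
     * @throws IOException for any connection failure other than a rejected TLS handshake
     */
    public static void main(String[] args) throws IOException {
        // signed by default trusted CAs.
        testUrl(new URL("https://google.com"));
        testUrl(new URL("https://www.thawte.com"));
        // signed by letsencrypt
        testUrl(new URL("https://helloworld.letsencrypt.org"));
        // signed by LE's cross-sign CA
        testUrl(new URL("https://letsencrypt.org"));
        // expired
        testUrl(new URL("https://tv.eurosport.com/"));
        // self-signed
        testUrl(new URL("https://www.pcwebshop.co.uk/"));
    }

    /**
     * Connects to {@code url} using the JVM-default SSLContext and prints the response
     * headers, or "Untrusted: &lt;url&gt;" when the TLS handshake is rejected.
     *
     * @param url the address to probe
     * @throws IOException for every failure other than SSLHandshakeException, which is the
     *     only exception reported inline; everything else propagates to the caller
     */
    static void testUrl(URL url) throws IOException {
        URLConnection connection = url.openConnection();
        try {
            connection.connect();
            System.out.println("Headers of " + url + " => " + connection.getHeaderFields());
        } catch (SSLHandshakeException e) {
            // Rejected by the trust manager: report it and let the caller continue.
            System.out.println("Untrusted: " + url);
        }
    }
}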