Monday, June 5, 2006

Import Certificate With Java Keytool

Under Java environment, sometimes we need to install certificate in order to connect to secure site. Else we will hit some SSL HandShakeException, here will describe how to install the certificate to solve that problem.

The first step is to get the certificate as a file. The easiest way to do this is to surf to https web sites in Internet Explorer, go to File, then Properties.On the popped up Properties you'll see a "Certificates" button in the bottom right hand side. Click on that, select the Details tab, then "Copy to File..". Follow the wizard through saving as "DER encoded binary X.509". Name your file javaCert.cer. (Alternatively if you wish to install one of the other certificates in the chain they should be downloadable from their websites.)

Now enter the following at a DOS prompt where "c:\Program Files\Java\j2re1.4.2_04" can be substituted for your own java installation path:

keytool -keystore "path to your cert location" -import -file javaCert.cer -alias JavaCert


(keystote location, default will at your own user directory, name as .keystore)


On executing this, you'll be prompted for a password which should be "changeit" (the default). Then enter "yes" to finish.

The cert will be succefully import and now within your code , simply add this 2 line

System.setProperty("javax.net.ssl.trustStore", "path to your keystore location");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

Now the program will use this key store and u can access the https site which is not trusted site before.

No comments: