How to load SSL Certificate in Java

Question

I am creating a Java program to get information from a server but I have to perform a ssl handshake with the server from the Java program.

I have myfilercert.cer file certificate for authentication purpose but I have no idea how I can load that certificate in java so that the java program can perform 'handshake' with the server where I want to get information from. Where to begin?

Answer 1

What you need is the java keystore. The keystore is a repository of security certificates used in SSL encryption. You can read here about the Server Authentication During SSL Handshake. This is a keystore tutorial.

As an alternative to keytool, i would suggest a tool with a Graphical User Interface called Portecle. You can use it to browse the contents of your .cer file and see what's in it.

It can be useful to know about the various certificate encodings. Also read about the X.509 standard.

This is an article on java keytool essentials (which is the oracle tool that works with the java keystore).

You can google and find a lot of resources that instruct you how to generate. I think you will want to keep the certificate at the application level.

Some SO questions that helped me along the way:

• Trust Store vs Key Store - creating with keytool - important to know the difference between the trust manager and keymanager
• Java HTTPS client certificate authentication
• How to export private key from a keystore of self-signed certificate
• What is difference between cacerts and keystore
• How to connect to a secure website using SSL in Java with a pkcs12 file?
• Received fatal alert: handshake_failure through SSLHandshakeException
• How to configure trustStore for javax.net.ssl.trustStore on windows?

Good luck!

Answer 2

You can use Apache HttpClient (or just use the required classes from it to use SslContextBuilder, really), and then it'd be like so:

        SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
        sslContextBuilder.loadTrustMaterial(new File("yourTrustStore.jks"), "thePassWord");
        SSLContext sslContext = sslContextBuilder.build();
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) (new URL("https://thesite.com").openConnection());
        httpsURLConnection.setSSLSocketFactory(sslContext.getSocketFactory());

But you need to create a keystore for your certificate, which can be done with keytool. If you need this for android, you'll need SpongyCastle library, and use that as a provider for KeyTool to create a BKS keystore instead of a JKS keystore; and you will need to explicitly open the KeyStore in Java.

                KeyStore keyStore = KeyStore.getInstance("BKS",
                                                         BouncyCastleProvider.PROVIDER_NAME);
                byteArrayInputStream = new ByteArrayInputStream(keyStoreBytes);
                keyStore.load(byteArrayInputStream, keyStorePassword);
                Certificate[] certificates = keyStore.getCertificateChain("theCertAlias");
                Certificate certificate = certificates[0];