
I am writing a fairly simple client application in Java which uses Apache HttpComponents to send a few HTTP requests to a server and process its responses. I am stuck with connecting to an SSL server though, as all the test servers I have access to are using certificates signed by our corporate root certificate (distributed by AD domain controllers) and this root certificate is not trusted by default.

I did a fair amount of googling in the last few days, but did not find a solution which works for me. All solutions I found (most of them are here, on Stack Overflow) come down to 2 paths:

1. Disable certificate trust completely. Well, this might be fine for tests, but I want the trust check enabled in the release version of the application and thus I have to test it too.

2. Add the self-signed certificate to the Java cert store using keytool. This would be easy enough to do for tests, but not for the release version. In my environment I know what certificate I need to trust/add, however potential users of the application will be outside of my environment and thus they will have their own different set of certificates.

Here are some links for the solutions I mention above (there are many more out there, but they all come down to the same 2 solutions):


What I want (ideally) is to have Java code check the certificate received from the server against the Windows certificate store and trust it as long as Windows does (if there is a multi-platform solution, even better). Or, alternatively, export all trusted root certification authorities from the Windows cert store and import them into the Java trust store. The general idea is to trust a server certificate if the user's machine trusts it, no matter what kind of certificate it is (self-signed, commercial, corporate AD cert, etc.).

Is there a way to achieve this? Thanks!

Xantrul
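The approach the question asks about, sketched as an added example that is not part of the original post: on Windows, the JDK's SunMSCAPI provider exposes the trusted root store as the `Windows-ROOT` keystore type, which can seed a standard PKIX trust manager so chain validation stays enabled. The class and method names are hypothetical, and the fallback to the JVM default trust store on other platforms is an assumption of this sketch.

```java
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical example class; not code from the original post.
public class OsTrustStoreExample {

    // Returns the Windows trusted-root store, or null on other platforms.
    // A null KeyStore makes TrustManagerFactory use the JVM default (cacerts).
    static KeyStore loadTrustAnchors() throws Exception {
        String os = System.getProperty("os.name", "").toLowerCase();
        if (!os.startsWith("windows")) {
            return null;
        }
        KeyStore roots = KeyStore.getInstance("Windows-ROOT"); // SunMSCAPI provider
        roots.load(null, null); // no stream or password: the store is read from the OS
        return roots;
    }

    // Builds a TLS context whose trust decisions follow the anchors above.
    // Validation is still performed by the stock PKIX trust manager; nothing is disabled.
    static SSLContext buildContext(KeyStore anchors) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client keys, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore anchors = loadTrustAnchors();
        if (anchors == null) {
            System.out.println("Not Windows: using the JVM default trust store");
        } else {
            System.out.println("Windows root certificates loaded: "
                    + Collections.list(anchors.aliases()).size());
        }
        SSLContext ctx = buildContext(anchors);
        // Hand ctx to the HTTP client in place of its default SSL context.
        System.out.println("SSLContext ready, protocol: " + ctx.getProtocol());
    }
}
```

Only trust anchors come from the operating system here; hostname verification is whatever the HTTP client applies and is left unchanged.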

0 Answers