
I'm working on a platform (Java) which integrates with multiple (micro)services; all the communication is over SSL, so the platform acts as an SSL client.

I can't import all the certificates of the different services into my platform truststore; instead we want to use a different SSLContext for each service.

One of the downsides to this approach is that we would need to maintain so many truststores.

We are thinking of getting the certificate chain from a service discovery and using the certificate as it is, passing it to SSLContext without importing it into a truststore first.

TL;DR: Is there a way to configure SSLContext in Java without using truststores, but only using a CA bundle as a PEM / cert?

shreyas K N
  • Of course there is a way, but... "maintain so many truststores" is bad and "maintain so many separate certificates" is good? What's the difference? – Vadim Feb 21 '17 at 11:12
  • Your objective is obscure. First, you don't need a custom truststore at all unless you need to communicate with a server which sends a self-signed certificate. Second, there is no reason to keep self-signed certificates in separate truststores. Unclear what you're asking. – user207421 Feb 21 '17 at 11:48

1 Answer

You can take inspiration from the first part of this solution about creating an SSLSocketFactory. Once you crack your logic, make it your default like below:

HttpsURLConnection.setDefaultSSLSocketFactory(mySslSocketFactory);
Pavan Kumar
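An added example, not part of the original question or answer: building an SSLContext directly from a PEM CA bundle by loading the certificates into an in-memory KeyStore, so no truststore file is kept on disk. The class name `PemTrust`, the method `fromPemBundle` and the `ca-N` aliases are hypothetical names chosen for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PemTrust {
    /** Builds an SSLContext that trusts only the CA certificates in the given PEM bundle. */
    public static SSLContext fromPemBundle(String pemBundle) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas;
        try (InputStream in = new ByteArrayInputStream(pemBundle.getBytes(StandardCharsets.US_ASCII))) {
            cas = cf.generateCertificates(in); // reads every certificate in the bundle
        }
        if (cas.isEmpty()) { // fail early instead of failing on the first handshake
            throw new IllegalArgumentException("no certificates found in PEM bundle");
        }
        // load(null, null) creates an empty keystore in memory; nothing is read from disk.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        int i = 0;
        for (Certificate ca : cas) {
            ks.setCertificateEntry("ca-" + i++, ca); // hypothetical alias scheme
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM CA bundle for one service
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        SSLContext ctx = fromPemBundle(pem);
        // Scope the trust to one connection rather than the JVM-wide default:
        // ((HttpsURLConnection) url.openConnection()).setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("protocol: " + ctx.getProtocol());
    }
}
```

The context trusts exactly what the bundle contains, so the channel that delivers the bundle (here, service discovery) has to be authenticated and integrity-protected. Setting the socket factory per connection, rather than through `setDefaultSSLSocketFactory`, keeps one service's CAs from being trusted for connections to another.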