
I'm trying, in Java, to connect to an HTTPS endpoint. The server's certificate is signed by an internal CA (not included in the truststore). Because of that, the connection fails as expected.

How can I inspect a certificate from an HTTPS server before the connection is made (in Java)? I need to view it to know what CA certificate I need to import.

I can do this using openssl like so: openssl s_client -connect www.paypal.com:443

But I would like to do this from Java.

Thanks!

Ward
  • You would like to do this from Java why? – user207421 Jun 14 '17 at 11:42
  • Create a TrustManager and use the CA or server certificate as trusted certificate. Then you will be able to connect to all servers that use a certificate from that CA. See https://stackoverflow.com/a/859271/150978 – Robert Jun 14 '17 at 12:06
  • Can you help me out why you downvoted this? I would like to improve my question :) – Ward Jun 14 '17 at 13:42
  • @Robert sorry if my question was not clear: I need to know what CA cert signed the HTTPS certificate before I can do that – Ward Jun 14 '17 at 13:47
  • Ok, then the answer would be like "Create a Java Keystore and import the saved certificate into the Keystore"? Or do you try to create something like SSH (trust on first use)? – Robert Jun 14 '17 at 13:52

1 Answer

You do a connection with disabled chain verification. You could find an example there: http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/

After having the insecure connection you could inspect the certificate.

Neroon
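
A variant of the approach in the answer above, as an added example that is not part of the original answer: instead of turning validation off, a custom X509TrustManager records the chain the server presents and then rejects it, so the handshake is aborted before any application data is sent. The class names ShowServerChain and RecordingTrustManager are made up for this example; the default host is the one from the question's openssl command.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ShowServerChain {

    // Records the chain the server presents, then rejects it so the handshake stops.
    static final class RecordingTrustManager implements X509TrustManager {
        X509Certificate[] chain = new X509Certificate[0];

        @Override
        public void checkServerTrusted(X509Certificate[] presented, String authType)
                throws CertificateException {
            chain = presented.clone();
            throw new CertificateException("chain recorded for inspection only");
        }

        @Override
        public void checkClientTrusted(X509Certificate[] presented, String authType)
                throws CertificateException {
            throw new CertificateException("client certificates are not accepted");
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "www.paypal.com"; // host from the question
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        RecordingTrustManager recorder = new RecordingTrustManager();
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] { recorder }, null);

        try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
        } catch (SSLException expected) {
            // Aborted on purpose: the chain is already in recorder.chain.
        }
        if (recorder.chain.length == 0) System.out.println("No certificate chain received");
        for (X509Certificate cert : recorder.chain) {
            System.out.println("Subject: " + cert.getSubjectX500Principal());
            System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        }
    }
}
```

Servers usually send the leaf and intermediate certificates but not the root, so the issuer of the last certificate printed names the CA whose certificate has to be obtained and imported.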