
Java has class X509Certificate and method checkValidity(). https://docs.oracle.com/javase/7/docs/api/java/security/cert/X509Certificate.html#checkValidity()

I connect to some server via HTTPS in my Java program. I need to check the authenticity of the server's certificate, including issuers. I want to be sure that the root issuer is trusted (in the local trust storage). But the method checkValidity() checks the validity period only ("the current date and time are within the validity period given in the certificate"). How can I check what I want to?

Excuse me if my question is simple. I am a beginner. All that I found is "Get certificate and add it to a Java truststore, when only having https URL?"

But it is using checkValidity(). I need a little more than checking the validity period.

  • If you connect with the normal libraries (`URL.openConnection` -> `HttpsURLConnection` for HTTPS only, or `SSLSocket` or `SSLEngine` for any SSL/TLS) JSSE will automatically verify all of the server's cert chain up to an anchor (usually but not necessarily root) in a local truststore, which can be supplied explicitly or defaulted; the default depends on whether you are using Oracle/Sun Java, IBM Java, Android Java, or various packagings of OpenJDK. The first also checks that the _name_ in the server cert (SAN or Subject) matches the hostname in the URL. In what way does this not satisfy you? – dave_thompson_085 Sep 11 '17 at 21:02
  • @dave_thompson_085 I wasn't sure that Java will automatically verify the server's cert chain. Thanks for the clarification – Peter Toroptsev Sep 12 '17 at 09:24
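
The chain validation described in the comments, made explicit as an added example that is not part of the original question or comments: it loads the default truststore's `X509TrustManager` and asks it to validate a server chain, which is the check `checkValidity()` does not perform. The names `ChainTrustCheck` and `chainProblem` are hypothetical, the URL is supplied as the first command-line argument, and the `"UNKNOWN"` auth type is an assumption (see the code comment).

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ChainTrustCheck {

    // Trust manager backed by the default truststore (init(null) selects it).
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("No X509TrustManager available");
    }

    // Returns null when the chain validates up to a local trust anchor,
    // otherwise the reason reported by the trust manager.
    static String chainProblem(X509TrustManager tm, X509Certificate[] chain, String authType) {
        try {
            tm.checkServerTrusted(chain, authType);
            return null;
        } catch (CertificateException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        X509TrustManager tm = defaultTrustManager();
        System.out.println("Trust anchors available: " + tm.getAcceptedIssuers().length);
        if (args.length == 0) {
            return; // no URL supplied, so there is no server chain to check
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.connect(); // JSSE already validates chain and hostname here, or throws
        Certificate[] certs = conn.getServerCertificates();
        X509Certificate[] chain = Arrays.copyOf(certs, certs.length, X509Certificate[].class);
        // Assumption: "UNKNOWN" as authType; use the negotiated key exchange name if known.
        String problem = chainProblem(tm, chain, "UNKNOWN");
        System.out.println(problem == null ? "Chain is trusted" : "Chain rejected: " + problem);
        conn.disconnect();
    }
}
```

The explicit `checkServerTrusted` call covers the chain only; the hostname match mentioned in the comment is performed by `HttpsURLConnection` during `connect()`.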

0 Answers