Keystore
A keystore is a file that stores security or authorization certificates; in effect, it is a repository of certificates. In Java, in order to connect to an SSL-enabled service, the SSL certificate of that service needs to be added to Java's keystore. This is also called the trust store. By default the "cacerts" file in the "jre/lib/security" directory is the trust store, but we can define another file as the trust store by adding the following parameters when running the application:
-Djavax.net.ssl.trustStore="/opt/ca.keystore"
-Djavax.net.ssl.trustStorePassword="password"
Why keystore?
If your Java program needs to connect to a web service or download something over SSL, then you need to import the certificate (the trust) of that service into your keystore.
How can we import a trust into the keystore?
We can use the openssl command to fetch the trust and the keytool command to import it into the keystore.
openssl s_client -connect hostname_of_service:ssl_port </dev/null >trust.cert
The "</dev/null" closes the connection once the handshake is done, so the command exits instead of waiting for input. Open trust.cert with a text editor and delete the lines before the "-----BEGIN CERTIFICATE-----" line and everything after the "-----END CERTIFICATE-----" line. Then save the file.
Using the following command we can import this trust into our keystore. Here I am importing into Java's cacerts file. If you are using a file other than cacerts as the trust store, use that file name as the keystore file.
keytool -import -alias "tomcat" -file trust.cert -keystore /java-6-openjdk-amd64/jre/lib/security/cacerts
The above command will prompt for the keystore password (for a default cacerts file this is "changeit" unless it has been changed) and then ask you to confirm that the certificate should be trusted.
Note:- Instead of /java-6-openjdk-amd64/jre/lib/security/cacerts you can use the file which you are going to use as keystore.
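The whole fetch-and-import procedure above, written as a small POSIX shell script. This is an added example, not code from the original post: it assumes openssl and keytool are on the PATH, and the host, port, alias, keystore path and password are all supplied by the caller (no real endpoint is used). The sample s_client output embedded in it is constructed for an offline check of the extraction step.

```shell
#!/bin/sh
# Added example (not from the original post): automate the manual steps above.
# Assumes openssl and keytool are on PATH; host/port/alias/keystore/password
# are placeholders supplied by the caller.

# Keep only the first PEM block of `openssl s_client` output (the server's own
# certificate). This replaces the "delete lines before BEGIN / after END" step
# and also ignores any further chain certificates printed by -showcerts.
extract_first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /-----END CERTIFICATE-----/ { exit }'
}

# Fetch the certificate of host ($1) port ($2) into file $3.
# </dev/null closes s_client's stdin so it exits after the handshake;
# -servername sends SNI, which virtual-hosted services need to return the right cert.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | extract_first_cert > "$3"
    # Fail if nothing usable came back (closed port, plain HTTP, DNS error ...)
    grep -q 'BEGIN CERTIFICATE' "$3"
}

# Import cert file $2 under alias $1 into keystore $3 with password $4.
# -noprompt and -storepass make this scriptable; the default password of the
# JRE's cacerts file is "changeit" unless it was changed.
import_cert() {
    keytool -importcert -noprompt -alias "$1" -file "$2" -keystore "$3" -storepass "$4"
}

# Check that alias $1 is now present in keystore $2 (password $3).
cert_present() {
    keytool -list -alias "$1" -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Constructed sample of s_client output for an offline check; the base64 is dummy.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
depth=0 CN = example.test
---
Certificate chain
 0 s:CN = example.test
-----BEGIN CERTIFICATE-----
MIIBdummyCONSTRUCTEDbase64lineONE==
MIIBdummyCONSTRUCTEDbase64lineTWO==
-----END CERTIFICATE-----
subject=CN = example.test
---
No client certificate CA names sent'

# Usage: sh import-trust.sh HOST PORT ALIAS KEYSTORE STOREPASS
if [ "$#" -eq 5 ]; then
    fetch_cert "$1" "$2" trust.cert && import_cert "$3" trust.cert "$4" "$5" && cert_present "$3" "$4" "$5"
fi
```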
Eclipse
If you are using Eclipse, check that it is using the correct Java installation. If multiple Javas are installed and Eclipse is configured with one whose keystore lacks the required certificate, the SSL connection will fail.