
How to run a Java HTTP server with a self-signed certificate and trust that for browsers?

I have a requirement where I need to run a Java-based HTTP server on SSL and connect to that from browsers. I also need to make sure that browsers don't show the security exception for the self-signed certificate.

I did the following -

  1. Generated a JKS keystore using Java keytool -keygen.
  2. Imported that keystore as a PKCS12 p12 file, using keytool -importkeystore.
  3. Loaded the p12 file into an X509Certificate2 object and added that to Root and CertificateAuthority

    // cert is the X509Certificate2 object loaded from the p12 file
    // Add it to the machine-wide Trusted Root store
    X509Store store5 = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
    store5.Open(OpenFlags.ReadWrite);
    store5.Add(cert);
    store5.Close();

    // Add it to the machine-wide Intermediate Certification Authorities store
    X509Store store2 = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine);
    store2.Open(OpenFlags.ReadWrite);
    store2.Add(cert);
    store2.Close();

  4. Exported a certificate file from JKS keystore.

  5. Added that .cer file to cacerts of Java.

Now when I run the HTTP server, it picks the certificate and serves HTTPS requests, but the browser still shows the site as untrusted.

Of course it is impossible. The whole purpose of the error message of the browser is to alert the user that the website is using a certificate that is unsafe.

After you send the certificate request to the CA, you should get the CA certificate along with a "bundle", which is two or more certificates chained (concatenated), and you install that into the JKS (Java keystore) and the browser will accept your website as secure.

There are numerous resources on this topic available through your favorite search engine...

Nitin, the option here is to install the certificate that you generated on the browser. You have not specified which browser; I am taking IE as an example. You can import the certificates.

Please, please note: I am importing them to a trusted store because I know I created them and I trust the issuer of the certificate. Never do that for untrusted 3rd party sites. Additionally, you may want to add the site as a trusted site with lesser security if you trust it.
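A check that fits the steps in the question and the trust-store import described above, added here as an example and not code from the original posts: the server below loads the PKCS12 keystore and prints the subject, validity and SHA-256 fingerprint of the certificate it will present, so that value can be compared with the entry installed in the browser or OS trust store. The class name, the file name `server.p12`, the password `changeit` and port 8443 are assumptions.

```java
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.FileInputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class SelfSignedHttpsServer {
    public static void main(String[] args) throws Exception {
        // Assumed placeholders: keystore path, password and port are not from the page.
        String path = args.length > 0 ? args[0] : "server.p12";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        int port = 8443;
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        // Print what the server will present, for comparison with the trust-store entry.
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02X", b));
            // Heuristic only: subject equal to issuer is how a self-signed certificate appears.
            boolean selfSigned = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
            System.out.println("alias=" + alias + " subject=" + c.getSubjectX500Principal()
                    + " selfSigned=" + selfSigned + " notAfter=" + c.getNotAfter() + " sha256=" + hex);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // server side only needs key managers
        HttpsServer server = HttpsServer.create(new InetSocketAddress(port), 0);
        server.setHttpsConfigurator(new HttpsConfigurator(ctx));
        server.createContext("/", exchange -> {
            byte[] body = "ok\n".getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            try (OutputStream out = exchange.getResponseBody()) { out.write(body); }
        });
        server.start();
        System.out.println("Listening on https://localhost:" + port + "/");
    }
}
```

If the fingerprint printed at startup differs from the one shown for the certificate in the trust store, the server is presenting a different certificate from the one that was imported.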
