I have a requirement where I need to run a Java-based HTTP server on SSL and connect to that from browsers. I also need to make sure that browsers don't show the security exception for self-signed certificate.
I did the following -
Loaded the p12 file in to a X509Certificate2 object and added that to Root and CertificateAuthority
X509Store store5 = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store5.Open(OpenFlags.ReadWrite); store5.Add(cert); store5.Close(); X509Store store2 = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine); store2.Open(OpenFlags.ReadWrite); store2.Add(cert); store2.Close();
Exported a certificate file from JKS keystore.
Now when I run the HTTP server, it picks the certificate and serves HTTPS requests, but the browser still shows the site as untrusted.
Of course it is impossible. The whole purpose of the error message of the browser is to alert the user that the website is using certificate that is unsafe.
After you send the certificate request to the CA. you should bet the CA certificate along with a "bundle" which is two or more certificates chained (concatanated) and you install that into the jks (java keystore) and the browser will accept your website as secure
There are numerous resources on this topic available through your favorite search engine...
Nitin , the option here is to install the certificate that you generated on the browser. You have not specified which browser , i am taking IE as a example. You can import the certificates.
Please Please Note : I am importing them to a trusted store because , i know i created them and i trust the issuer of the certificate. Never do that for untrusted 3rd party sites. Additionally you may want to add the site as a trusted site with lesser security if you trust it
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.