
Java send https request to a server

I have a Java application that sends HTTPS requests to my server. I had to create a keystore with:

keytool -import -file mycert.cer -alias myalias -keystore keystore.jks

and use that as the truststore in my Java app. But the certificate on my server is valid for one year. After one year the certificate changes.

So does it mean I have to generate a new keystore when that happens? Or are there better ways of achieving this?

Yes, normally you have to upload the new certificate in your keystore whenever the certificate changes.

The purpose of a certificate is to establish a trusted connection. The certificate tells your program that the URL it is trying to reach is actually the real URL and not a fake one.

Security always comes at a cost. Changing a certificate yearly is a minor overhead to the security it provides to avoid any DNS spoofing attacks.

To answer if there are better ways to do it - Yes, the better way is to import the certificate in the same keystore. You will not need to change the keystore.

You can use the command below to achieve the same:

keytool -import -file newcert.cer -alias mynewcertificate -keystore keystore.jks

Enter the password of your keystore when asked for it.

No. You can simply add the new certificate to the keystore. Once you are sure that the old one is no longer used, you can delete it from the keystore.
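An added example, not part of the original question or answers: a Java client that loads keystore.jks as its truststore, reports when each trusted certificate expires so you can tell which alias is safe to delete after a rotation, and then makes the HTTPS request trusting only that keystore. The class name, the default password, the 30-day warning threshold and the URL are assumptions to replace with your own values.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TruststoreRotationCheck {
    public static void main(String[] args) throws Exception {
        // Assumed placeholders: keystore path, keystore password, server URL
        String path = args.length > 0 ? args[0] : "keystore.jks";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String url = args.length > 2 ? args[2] : "https://server.example/";

        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }

        // List every trusted certificate with its expiry date, so the old
        // alias can be identified and removed once the new one is in use.
        Instant now = Instant.now();
        for (String alias : Collections.list(trustStore.aliases())) {
            if (!trustStore.isCertificateEntry(alias)) continue;
            X509Certificate cert = (X509Certificate) trustStore.getCertificate(alias);
            long days = Duration.between(now, cert.getNotAfter().toInstant()).toDays();
            String state = days < 0 ? "EXPIRED" : days < 30 ? "EXPIRING SOON" : "ok";
            System.out.printf("%-20s notAfter=%s (%d days) %s%n",
                    alias, cert.getNotAfter(), days, state);
        }

        // Build a TLS context that trusts only the certificates in this
        // keystore, and apply it to this connection rather than JVM-wide.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) URI.create(url).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

With both the old and new certificates imported, the handshake succeeds before and after the server switches; once the old alias is reported as expired, `keytool -delete -alias myalias -keystore keystore.jks` removes it.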
