Can JVM trust a self-signed certificate for only a single run?
Question
I am trying to get a clojure jar to trust a self-signed certificate that I made when I run the jar, only I don't actually want to add the cert to my certificate store. Is there any way to get the JVM to trust this openssl self-signed cert ephemerally, or in a way that it will only be trusted for a single run?
If there is an in-language way to do it, and if it helps, I'm using the clj-http-lite library, using the get function. Extra points, though, for a generic JVM-wide solution.
2 answers
solution1
2 2020-12-21 05:54:11
You can create a (temporary) trust store and configure it on the command line with javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties: https://docs.oracle.com/javadb/10.8.3.0/adminguide/cadminsslclient.html
solution2
-1 ACCPTED 2020-12-27 19:58:50
I do not recommend to override global trust store using command line argument javax.net.ssl.trustStore for JVM. Instead, if you need to connect to remote server using self-signed certificate, I recommend to build SSL context in code and use it for connection. This approach is better when you don't want to downgrade global JVM security and if you have multiple endpoints each requires self-signed certificate for connection.
Here is example of Building SSL context which can be used in http/get function. You can pass it to request function (see code for insecure? option and make the same way).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.