Making Self-Signed Certificates Trusted
This section provides a tutorial example on how to make a self-signed certificate trusted during an SSL socket communication.
One way to resolve the self-signed certificate problem shown in the previous section
is to pre-install the server's public key on the client machine and define it as a trusted certificate:
- On the server side, export my public key as a certificate.
- On the client side, import the server's public key into a key store file.
- Run the SSL client program with the key store file as trusted. This can
be done by using "-Djavax.net.ssl.trustStore=myKeyStore.jks" as a Java option.
Here is what I did on the server side:
>keytool.exe -exportcert -alias my_home -file my_home.crt
   -keystore herong.jks -storepass HerongJKS
Certificate stored in file <my_home.crt>
>"send my_home.crt to the client machine..."
Here is what I did on the client side:
>"receive my_home.crt from the server machine..."
>keytool.exe -importcert -alias herong_home -file my_home.crt
-keystore public.jks -storepass PublicJKS
Owner: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My sta...
Issuer: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My st...
Serial number: 42266fba
Valid from: Sat Jul 05 21:00:26 EST 2014 until: ...
Trust this certificate? [no]: y
Certificate was added to keystore
Now run SslReverseEchoer.java again. Then run SslSocketClient with public.jks:
>java -cp . -Djavax.net.ssl.trustStore=public.jks
   SslSocketClient
Socket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl
Remote address = localhost/127.0.0.1
Remote port = 8888
Local socket address = /127.0.0.1:2187
Local address = /127.0.0.1
Local port = 2187
Need client authentication = false
Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Protocol = TLSv1
Welcome to SSL Reverse Echo Server. Please type in some words.
Congratulations! We have successfully used JSSE to create an SSL socket
- Even though I specified SSL when constructing the SSLContext object, the
final protocol used in the communication is TLSv1. I don't know why.
- Client authentication is not used.
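The -Djavax.net.ssl.trustStore option changes the trust store for the whole JVM. The following added example, which is not part of the original tutorial, loads public.jks into an SSLContext for a single connection and prints the imported certificate's SHA-256 fingerprint so it can be compared with the server's copy; the class name PinnedTrustClient is hypothetical, while the file name, password, alias and port are the ones shown on this page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name): trusts only the certificates in
// public.jks, and only for this one connection instead of the whole JVM.
public class PinnedTrustClient {
    public static void main(String[] args) throws Exception {
        // File name, password and alias are the ones used on this page.
        KeyStore trusted = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("public.jks")) {
            trusted.load(in, "PublicJKS".toCharArray());
        }

        // Print the SHA-256 fingerprint so it can be compared with the value
        // the server operator reads from herong.jks over a separate channel.
        X509Certificate cert = (X509Certificate) trusted.getCertificate("herong_home");
        if (cert == null) throw new IllegalStateException("alias herong_home not found");
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02X", b));
        System.out.println("Trusted cert SHA-256 = " + hex);

        // Build trust managers from this key store only; the default cacerts
        // file is not consulted.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        // Port 8888 is the one SslReverseEchoer listens on in the output above.
        try (SSLSocket socket =
                 (SSLSocket) context.getSocketFactory().createSocket("localhost", 8888)) {
            socket.startHandshake(); // fails if the server's certificate is not in public.jks
            System.out.println("Protocol = " + socket.getSession().getProtocol());
            System.out.println("Cipher suite = " + socket.getSession().getCipherSuite());
        }
    }
}
```

A plain SSLSocket performs no host name check, so this certificate is accepted from any address the client connects to; the trust decision rests entirely on what was imported into public.jks.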
Last update: 2014.