JDK Tutorials - Herong's Tutorial Examples - Version 6.02, by Dr. Herong Yang
Making Self-Signed Certificates Trusted
This section provides a tutorial example on how to make a self-signed certificate trusted during an SSL socket communication.
One way to resolve the self-signed certificate problem shown in the previous section is to pre-install the server's public key on the client machine and define it as a trusted certificate:
Here is what I did on the server side:
    >keytool.exe -exportcert -alias my_home -file my_home.crt -keystore herong.jks -storepass HerongJKS
    Certificate stored in file <my_home.crt>

    >"send my_home.crt to the client machine..."
Here is what I did on the client side:
    >"receive my_home.crt from the server machine..."

    >keytool.exe -importcert -alias herong_home -file my_home.crt -keystore public.jks -storepass PublicJKS
    Owner: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My sta...
    Issuer: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My st...
    Serial number: 42266fba
    Valid from: Sat Jul 05 21:00:26 EST 2014 until: ...
    Certificate fingerprints:
         MD5: 55:2C:5B:49:47:CB:61:40:FD:1A:3C:B7:16:6C:8E:7E
         SHA1: EC:B6:77:A1:21:9F:7E:AE:AF:B0:7C:AC:C5:B7:24:B7:45:...
    Trust this certificate? [no]: y
    Certificate was added to keystore
Now run SslReverseEchoer.java again. Then run SslSocketClient with public.jks:
    >java -cp . -Djavax.net.ssl.trustStore=public.jks SslSocketClient
    Socket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl
    Remote address = localhost/127.0.0.1
    Remote port = 8888
    Local socket address = /127.0.0.1:2187
    Local address = /127.0.0.1
    Local port = 2187
    Need client authentication = false
    Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    Protocol = TLSv1
    Welcome to SSL Reverse Echo Server.
    Please type in some words.
    Hello world!
    !dlrow olleH
    It works!
    !skrow tI
    .
Congratulations! We have successfully used JSSE to create an SSL socket communication.
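The import step above answers "Trust this certificate?" by eye. The following added example (not part of the original tutorial) checks the received my_home.crt against a fingerprint obtained from the server over a separate channel, then trusts only that certificate for a single connection instead of setting a JVM-wide trust store. Assumptions: the class name PinnedTrustClient and the EXPECTED_SHA256 placeholder are hypothetical, Java 7 or later is used, and the server from this tutorial is listening on localhost:8888.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustClient {
    // Placeholder (assumption): replace with the SHA-256 fingerprint the server
    // owner reports out of band, e.g. from "keytool -list -v" on herong.jks.
    static final String EXPECTED_SHA256 = "<SHA-256 fingerprint from the server side>";

    // Colon-separated upper-case hex of the SHA-256 digest over the DER encoding.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream("my_home.crt")) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Refuse to trust a file that was swapped or altered in transit.
        String actual = sha256Fingerprint(cert);
        if (!actual.equalsIgnoreCase(EXPECTED_SHA256)) {
            throw new SecurityException("Fingerprint mismatch, got " + actual);
        }
        // In-memory trust store holding only the verified certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("herong_home", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 8888)) {
            socket.startHandshake(); // fails unless the server presents the trusted certificate
            System.out.println("Protocol = " + socket.getSession().getProtocol());
            System.out.println("Cipher suite = " + socket.getSession().getCipherSuite());
        }
    }
}
```

A plain SSLSocket does not check the host name against the certificate, so the protection here comes from the trust store containing exactly one verified certificate.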
Note that:
Last update: 2014.