Making Self-Signed Certificates Trusted

This section provides a tutorial example on how to make a self-signed certificate trusted during a SSL socket communication.

One way to resolve the self-signed certificate problem shown in the previous section, is to pre-install the server's public key on the client machine and define it as a trusted certificate:

Here is what I did on the server side:

keytool.exe -exportcert -alias my_home -file my_home.crt 
   -keystore herong.jks -storepass HerongJKS
   
Certificate stored in file <my_home.crt>

>"send my_home.crt to the client machine..."

Here is what I did on the client side:

>"receive my_home.crt from the server machine..."

>keytool.exe -importcert -alias herong_home -file my_home.crt 
   -keystore public.jks -storepass PublicJKS

Owner: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My sta...
Issuer: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My st...
Serial number: 42266fba
Valid from: Sat Jul 05 21:00:26 EST 2014 until: ...
Certificate fingerprints:
         MD5:  55:2C:5B:49:47:CB:61:40:FD:1A:3C:B7:16:6C:8E:7E
         SHA1: EC:B6:77:A1:21:9F:7E:AE:AF:B0:7C:AC:C5:B7:24:B7:45:...
Trust this certificate? [no]:  y
Certificate was added to keystore

Now run SslReverseEchoer.java again. Then run SslSocketClient with public.jks:

>java -cp . -Djavax.net.ssl.trustStore=public.jks
   SslSocketClient

Socket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl
   Remote address = localhost/127.0.0.1
   Remote port = 8888
   Local socket address = /127.0.0.1:2187
   Local address = /127.0.0.1
   Local port = 2187
   Need client authentication = false
   Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   Protocol = TLSv1
Welcome to SSL Reverse Echo Server. Please type in some words.
Hello world!
!dlrow olleH
It works!
!skrow tI
.

Congratulations! We have successfully used JSSE to create a SSL socket communication.

Note that:

Last update: 2014.

Table of Contents

 About This JDK Tutorial Book

 Downloading and Installing JDK 1.8.0 on Windows

 Downloading and Installing JDK 1.7.0 on Windows

 Downloading and Installing JDK 1.6.2 on Windows

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

 "keytool" Commands and "keystore" Files

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Secret Key Encryption and Decryption

 The SSL (Secure Socket Layer) Protocol

SSL Socket Communication Testing Programs

 SSL Socket Communication Test

 SslReverseEchoer.java - SSL Server Socket Example

 SslSocketClient.java - SSL Client Socket Example

Making Self-Signed Certificates Trusted

 javax.net.debug - Debugging SSL Socket Communication

 SSL Client Authentication

 HTTPS (Hypertext Transfer Protocol Secure)

 Outdated Tutorials

 References

 PDF Printing Version