Certificate Validation in an HTTPS Connection
By default, accessing an HTTPS URL using the URL class results in an exception if the server’s certificate chain cannot be validated has not previously been installed in the trust store.
Working with: Eclipse as platform, JAVA for the programming language
Purpose: certificate yourself to a webservice so that you can perform operations and access his methods. This tutorial will only step you through the steps of certificating.
Steps to follow:
1. have the necessary certificate
2. install the keytool plugin
3. Java code to use
-
If you don’t already have the certificate and you need to export it, remember to select the “Base-64 encoded x.509″ option on the export options.
- Install the “keytool” plugin in Eclipse. Use this: http://keytool.sourceforge.net/update/ This keytool stores a multitude of certificates. You can import a new certificate in hisĀ “store”. After you install the keytool, restart Eclipe. After that you will see in the top Eclipse menu another option “Keytool”. Click it and choose “Open keystore”. A new window will pop up asking you some information that you need to complete.
Meaning(Figure 1):
- Type: choose JKS
- Filename: the path to the java cacerts file(C:\Program Files\Java\jre6\lib\security\cacerts)
- Password: changeit(it by default)
Figure 1:
After this, a “store” of already imported certificates will be open, at your disposal :D , but for this operation all you want to do is import your certificate into it.
To do that right click on the name of the store and choose: “Import certificate”, like in figure 2.
Figure 2:
After you click the “Import certificate” this window will pop out :
Keystore: path to the cacerts(as above)
Filename : actual path for the certificate you want to import.
Alias: give it a name as an identifier: eg: Xcertificate
Just click “Finish” button.
3. Now I java code, before everything you need to “tell” the program about the certificate you imported with keytool. These are the 2 lines of code:
System.setProperty(PropsUtil.keyCert, PropsUtil.valueCertPath);
System.setProperty(PropsUtil.trustPassKey, PropsUtil.trustPassValue);
Where:
keyCert = “javax.net.ssl.trustStore”;
valueCertPath = “C:/Program Files/Java/jre6/lib/security/cacerts”;
trustPassKey = “javax.net.ssl.trustStorePassword”;
trustPassValue = “changeit”;
And that’s about it.
Help from Ciprian’s Radu document “Working with iManagement from Eclipse”.
Tags: certification Eclipse Java keytool webservices
Posted in: Java
November 6, 2009
| 
Gabriela Radu | 
One Comment
One Response
November 9, 2009 1
Thanks for writing something about the keytool plugin. I think this s a nice plugin, which allows any Eclipse user to work with Java keystores easier. Of course, you can always manage a Java keystore using the command line tool. Besides official documentation (like http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html), I think that this link is a handy tutorial: http://www.mobilefish.com/tutorials/java/java_quickguide_keytool.html
If you don’t like to keep in mind how to use the keytool from the command line (I don’t), than the keytool plugin is something nice to consider.
Leave a Reply