Server cert and Client Truststore

I am attempting to call a webservice making use of ssl. Just how do i get the pertinent web server cert to make sure that i can import it right into my truststore? I find out about making use of building com.ibm.ssl.enableSignerExchangePrompt from a major method yet i would certainly add the web server cert to my truststore by hand.

I do not desire this building embeded in any one of my servlets

Any aid is substantially valued Thanks Damien

0
2022-07-25 20:41:47
Source Share
Answers: 1

you can programmatically do this with Java by applying your very own X509TrustManager.


public class dummyTrustManager implements X509TrustManager {

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            //do nothing
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // do nothing
        }

        public X509Certificate[] getAcceptedIssuers() {
            //just return an empty issuer
            return new X509Certificate[0];
        }
    }

Then you can utilize this trust fund supervisor to create a SSL sockect


SSLContext context = SSLContext.getInstance("SSL");
context.init(null, new TrustManager[] { new dummyTrustManager() },
                            new java.security.SecureRandom());

SSLSocketFactory factory = context.getSocketFactory();
InetAddress addr = InetAddress.getByName(host_);
SSLSocket sock =  (SSLSocket)factory.createSocket(addr, port_);

Then with that said outlet you can simply extract the web server certificate (a placed import it in the relied on keystore)


SSLSession session = sock.getSession();
Certificate[] certchain = session.getPeerCertificates();
2
2022-07-25 20:52:46
Source