Connecting with Java to webservices that use certificates

Owned by Steen Manniche
Last updated: Apr 05, 2013Version comment
1 min read

A lot of times, I have seen myself and others having trouble contacting a website that uses a certificate, but whose CA is not in the global Java truststore. This short description aims at alleviating the problem.

Creating a local truststore

Creating a truststore with the nczisk certificate with the InstallCert program:

  1. get the InstallCert source code from https://github.com/manniche/installcert

  2. get the certificate from the nczisk site:

    echo -n | openssl s_client -connect ecrts.nczisk.sk:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ecrts.nczisk.sk
  3. build the binaries with mvn package
  4. run the program: 
    java -cp target/classes com.aw.ad.util.InstallCert ecrts.nczisk.sk
  5. copy the resulting jssecacerts keystore into the root of the TSAM Synchronizer folder.
  6. In the bin/ folder of the TSAM Synchronizer, edit the epsos.properties, adding the following information:
javax.net.ssl.keyStore={absolute path}/epsos-common-components.tsam-sync/jssecacerts
javax.net.ssl.trustStore={absolute path}/epsos-common-components.tsam-sync/jssecacerts