Original program written by Andreas Sterbenz, and posted in Oct, 2006.
The link to Andreas' blog post no longer works but the source was linked here.
This is a fork from the version maintained by Eric Cline.
InstallCert allows you to quickly add the SSL certificate from a server into the truststore (jre/lib/security/jssecacerts file) of the JVM you are running.
It is particularly useful when developing Java applications that need to connect to test servers that use untrusted self-signed SSL certificates and you get the typical exception below:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- It starts an SSL handshake with the server.
- Retrieves the certificate chain the server identifies itself with.
- Loads the JVM's truststore (jre/lib/security/jssecacerts). If the jssecacerts file does not exist yet in the JVM, it creates it by copying jre/lib/security/cacerts.
- Creates a backup of the current jssecacerts truststore.
- Adds the chosen certificate from the chain returned by the server in the jssecacerts truststore.
javac InstallCert.java
java InstallCert host:[port] [passphrase]
Note you might need to execute InstallCert as root because it will try to update the truststore in the installation directory of the JVM.
host: domain name where the SSL certificate will be retrieved from.port: port where the server is listening to. The default value is 443, the default HTTPS port.passphrase: password of the jssecacerts truststore (or the cacerts one if jssecacerts has not been created yet). The default value ischangeit.
java InstallCert untrusted-root.badssl.com
java InstallCert untrusted-root.badssl.com:1234
java InstallCert untrusted-root.badssl.com my_jssecacerts_password