Providing self-signed SSL certs to Java HTTP Clients

Asked May 31 '20 at 21:07

Active May 31 '20 at 21:17

Viewed 40 times

By default, java does not connect to peers having self-signed certs that fail hostname/subject validation.

I have been told of one approach to this is to modify the cacerts that ship with the JVM, and another is to provide a trusted cert store to your app via

-Djavax.net.debug=SSL,trustmanager 
-Djavax.net.ssl.trustStore=/path/to/trust.pkcs12 
-Djavax.net.ssl.trustStorePassword=somePassword

But only one of these approaches is likely to be the best practice. Which is the best practice?

edited May 31 '20 at 21:17

user207421

305,947
44
307
483

asked May 31 '20 at 21:07

Inquisitor Shm

1,433
5
17
26

2

Best practice is to use a real certificate instead of a self-signed one. They're free from Let's Encrypt. – Joseph Sible-Reinstate Monica May 31 '20 at 21:08
I wish I could. It's under consideration. – Inquisitor Shm Jun 01 '20 at 01:05

Providing self-signed SSL certs to Java HTTP Clients

0 Answers0