Hi Scott,
On 6/13/07, Scott Peters <[EMAIL PROTECTED]> wrote:
Hello,
I have a setup where SSL is working using MINA and the Bogus SSL filter
when it connects to itself.
The server program that uses a self signed certificate. How do I get
the client JVM to trust this self signed certificate? I have control
over the client JVM but not the socket code that connects to the server
as it is from a third party.
If what I have read that I should be able to create the bogus self
signed cert as is done in the SSL example code in the MINA framework and
somehow import that into the java cacerts file such that the client
program will trust that certificate. But I can not get it to work.
There are a few ways to make your SSL client to accept self-signed certificate.
1) Use a keystore; use -Djavax.net.ssl.trustStore=<cacerts keystore
path> option when you launch the JVM. You can use the keytool to
import the self-signed certificate into the cacerts file.
2) I don't remember correctly, but there's an interface that JDK
provides so you can implement a logic that verifies the server
certificate.
3) There's 'Not-Yet-Commons SSL' project that helps setting up
SSL-related stuff. You could consult the manual there.
HTH,
Trustin
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
