You can try to see if Let's Encrypt certificates are accepted as trusted by 
the intended client machines. It is not possible to make any general 
claims, because the set of trusted certificates depends on the version of 
Java and sometimes also the operating system.

Because Let's Encrypt are a new certificate authority, I think you would 
have to be rather lucky to have it so easy. Modern browsers do accept those 
certificates as trusted, but that does not mean a Java client will do the 
same.

To check your system (a client machine which will be connecting to the 
server), you can first find a website which is using a recently issued 
certificate from letsencrypt: pick some host name from the list of issued 
certificates mentioned at 
https://letsencrypt.org/certificates/index.html#certificate-transparency 
and check in a browser (in some browsers clicking on the padlock icon next 
to the URL) that the https:// connection to the host serves a certificate 
signed by letsencrypt (they will be the Issuer). The website at 
https://letsencrypt.org itself is not a good example, since it seems to be 
using a certificate which is signed differently from certificates you would 
be able to obtain.

Once you have a suitable host name, you can try connecting from Java, using 
that host name in url="https://...";

        new URL(url).openConnection().connect();

Most likely, it will fail with javax.net.ssl.SSLHandshakeException, meaning 
that the certificate is not trusted (as far as Java is concerned).

And in that case, the only way to make it trusted is to manually add the 
letsencrypt certificate (or one of the certificates which signed it) to the 
set of trusted root certificates on your client machines (again, what to do 
exactly will depend on the system type).

In the end, you can indeed use letsencrypt certificates, but there might be 
a fairly nontrivial amount of setup work required, especially in case the 
client machines are many or are not under your direct control.

Regards,
Tomas

On Wednesday, May 18, 2016 at 5:29:46 PM UTC-4, Kerry Sainsbury wrote:
>
> Can't you use a free certificate from the EFF's "Let's Encrypt" project?
>
> https://letsencrypt.org/
>
>
>
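
The connection test described in the reply above, expanded into a small program that can be run on each client machine. This is an added example, not code from the original message; the class name TrustCheck and its helper methods are assumptions, and the URL to test is supplied by the reader on the command line. It also separates a rejected certificate from other handshake failures, since SSLHandshakeException covers both.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): reports whether this JVM trusts a host's certificate.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustCheck https://host/");
            System.exit(2);
        }
        System.out.println("Java " + System.getProperty("java.version")
                + ", default trust anchors: " + defaultAnchorCount());
        int rc = 0;
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setConnectTimeout(10000);
        try {
            conn.connect(); // the TLS handshake and chain validation happen here
            X509Certificate leaf = (X509Certificate) conn.getServerCertificates()[0];
            System.out.println("TRUSTED, issuer: " + leaf.getIssuerX500Principal().getName());
        } catch (SSLHandshakeException e) {
            String kind = isCertificateFailure(e) ? "CERTIFICATE REJECTED: " : "HANDSHAKE FAILED: ";
            System.out.println(kind + e.getMessage());
            rc = 1;
        } finally {
            conn.disconnect();
        }
        System.exit(rc);
    }

    // A handshake can also fail for protocol or cipher reasons; a CertificateException
    // in the cause chain means the certificate itself was rejected (untrusted chain,
    // expired certificate, or host name mismatch).
    static boolean isCertificateFailure(Throwable t) {
        for (; t != null; t = t.getCause()) {
            if (t instanceof CertificateException) return true;
        }
        return false;
    }

    // Number of root certificates accepted by the JVM's default trust manager.
    static int defaultAnchorCount() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return ((X509TrustManager) tm).getAcceptedIssuers().length;
        }
        return 0;
    }
}
```

The exit status (0 trusted, 1 failed) makes it easy to run the same check across many client machines and Java versions.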
