How to Set Custom Certificate Trust for Specific SSL Connections in Java?

Susan Sarandon
Release: 2024-12-18 13:48:14

Setting Custom Certificate Trust for Targeted Connections

Problem Statement

An application integrates an external module that must access an SSL-secured website whose server presents a self-signed certificate. The existing code fails because the JVM does not trust that certificate. The challenge is to make the application accept this self-signed certificate for this specific connection only, without weakening trust decisions for other connections and without modifying the system-wide certificate store.

Optimal Solution

To selectively trust a self-signed certificate for a specific connection, create a custom SSLSocketFactory and set it on the HttpsURLConnection before establishing the connection:

...
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
// Set on this connection object only; the JVM-wide default factory is not changed.
conn.setSSLSocketFactory(sslFactory);
conn.setRequestMethod("POST");
...

Creating the SSLSocketFactory

To create the SSLSocketFactory, initialize it as follows:

/* Load the keyStore that includes self-signed cert as a "trusted" entry. */
KeyStore keyStore = ... 
/* Build trust managers that use only the entries in keyStore as trust anchors. */
TrustManagerFactory tmf = 
  TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
/* null key managers (no client certificate) and null SecureRandom (use the default). */
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory sslFactory = ctx.getSocketFactory();

Loading the Key Store

Load the key store containing the self-signed certificate as a "trusted entry":

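/* trustStore is an InputStream over the key store file and trustStorePassword is
   its password as a char[]; both are supplied by the caller. */
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(trustStore, trustStorePassword);
trustStore.close();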

Alternative Key Store Loading Method

Alternatively, use keytool to import the PEM format certificate into a key store:

keytool -import -file selfsigned.pem -alias server -keystore server.jks
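
The steps above combined into one runnable class, as an added example that is not code from the original article. The class name, the command-line arguments (key store path, password, URL) and the empty-store check are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustExample {
    // Builds a factory whose trust anchors come only from the given key store.
    static SSLSocketFactory factoryFrom(Path store, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(store)) {
            keyStore.load(in, password);
        }
        // Added check (not in the article): an empty store is accepted here and
        // would otherwise only fail later, during the TLS handshake.
        if (keyStore.size() == 0) {
            throw new IllegalStateException("key store has no entries: " + store);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Arguments (placeholders): <keystore path> <password> <https URL>
    public static void main(String[] args) throws Exception {
        SSLSocketFactory jvmDefault = HttpsURLConnection.getDefaultSSLSocketFactory();
        SSLSocketFactory sslFactory = factoryFrom(Path.of(args[0]), args[1].toCharArray());
        HttpsURLConnection conn =
            (HttpsURLConnection) URI.create(args[2]).toURL().openConnection();
        conn.setSSLSocketFactory(sslFactory);   // scoped to this connection only
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.getOutputStream().close();         // empty body; the handshake happens here
        System.out.println("HTTP " + conn.getResponseCode());
        // The JVM-wide default was never replaced, so other connections keep normal trust.
        System.out.println("default factory untouched: "
            + (jvmDefault == HttpsURLConnection.getDefaultSSLSocketFactory()));
    }
}
```

The default HostnameVerifier still applies to this connection, so the self-signed certificate must name the host being contacted. A connection to any server whose certificate is not in the key store fails the handshake when it uses this factory.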

source:php.cn