Programmatically adding a trusted cert in Java

太阳男子 2021-02-15 01:47

I use SSL to communicate between two components written in Java. I can't use a CA, so I have to self-sign everything. Unfortunately, this means that when I try to handshake, I

3 Answers
  • 2021-02-15 02:03

    Why don't you create your own CA and sign your certificates with that? Then all you would need to do is install the CA's own certificate on the machines, and every certificate signed by that CA would validate.

  • 2021-02-15 02:03

    Why would you need to do this? You are not validating that the client is who they say they are; you are only using the certs to encrypt the comms, so a custom trust manager that allows all certs is all you need. What you are asking is possible and, from memory, also involves a custom trust manager to validate the certificates and store them in the keystore. I can't remember the details, but at least you know it is possible to do it.

  • 2021-02-15 02:29

    Yes, it is possible.

    There is some code here that I've used before. I had to modify it to do what I wanted, and I suspect that you will too, but this should get you close - you aren't trying to import a key, so theoretically you should be able to simplify things. In any case you can get an idea of what you'll need.

    The JDK JavaDoc for java.security.KeyStore is pretty useful too.

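An added example, not code from this thread or from the link the last answer refers to: one way to add a specific self-signed certificate to a trust store with `java.security.KeyStore` and build an `SSLContext` that trusts only that store. The class name, method names and command-line arguments are hypothetical; the certificate file is assumed to be the peer's X.509 certificate in PEM or DER form.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class AddTrustedCert { // hypothetical class name
    // Loads the trust store file if it exists (else starts empty), adds the cert, saves it back.
    static KeyStore addTrustedCert(Path store, char[] password, String alias, Path certFile) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(certFile)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // reject an expired or not-yet-valid certificate
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        // Compare this fingerprint with the one obtained from the peer out of band.
        System.out.println("SHA-256 " + String.format("%064x", new BigInteger(1, digest)));

        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (Files.exists(store)) {
            try (InputStream in = Files.newInputStream(store)) { ks.load(in, password); }
        } else {
            ks.load(null, password); // initialise an empty in-memory store
        }
        ks.setCertificateEntry(alias, cert); // trusted-certificate entry, no private key
        try (OutputStream out = Files.newOutputStream(store)) { ks.store(out, password); }
        return ks;
    }

    // Builds an SSLContext whose trust decisions use only the certificates in the given store.
    static SSLContext contextTrusting(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java AddTrustedCert <truststore.p12> <password> <alias> <cert.pem>
        KeyStore ks = addTrustedCert(Paths.get(args[0]), args[1].toCharArray(), args[2], Paths.get(args[3]));
        SSLContext ctx = contextTrusting(ks);
        System.out.println("Trusted entries: " + ks.size() + ", protocol: " + ctx.getProtocol());
    }
}
```

Sockets created from `ctx.getSocketFactory()` then complete the handshake only with a peer presenting a certificate that chains to an entry in that store, so certificate validation stays enabled.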