Can Java connect to wildcard ssl

Question

We wish to buy a wild-card SSL certificate as we have a lot of sub-domains. However I don\'t know if Java trusts wild-card certificates. As people connect into our API via S

Answer 1

I've attempted this with java 6.

It appears to work correctly. I've succesfully read headers and body content from a file that had a wildcard SSL certificate.

package com.example.test;

import java.io.DataInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;


public class SSLTEST {
    public static void main(String[] args) {
        try {
            URL url = new URL("https://test.example.com/robots.txt");
            URLConnection connection = null;
            try {
                connection = url.openConnection();
            } catch (IOException e) {
                e.printStackTrace();
            }
            Map<String, List<String>> fields = connection.getHeaderFields();
            Iterator<Entry<String, List<String>>> headerIterator = fields.entrySet().iterator();
            System.out.println("HEADERS");
            System.out.println("-------------------------------");
            while (headerIterator.hasNext()){
                Entry<String, List<String>> header = headerIterator.next();
                System.out.println(header.getKey()+" :");
                Iterator<String> valueIterator = header.getValue().iterator();
                while (valueIterator.hasNext()){
                    System.out.println("\t"+valueIterator.next());
                }

            }

            String inputLine;
            DataInputStream input = new DataInputStream(connection.getInputStream());
            System.out.println("BODY CONTENT");
            System.out.println("-------------------------------");
            while ((inputLine = input.readLine()) != null) {
                System.out.println(inputLine);
            }


        } catch (MalformedURLException e) {
            System.err.println(e);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

EDIT I've just recieved confirmation that this works on java 1.5

Answer 2

The default implementation in Sun's JSSE doesn't support wildcard. You need to write your own X509TrustManager to handle wildcard.

However, Java supports SAN (Subject Alternative Names) since Java 5. If you have less than 20 names, you can get one certificate for all of them. It may be cheaper than a wildcard cert.