Applications often need to access services that use SSL (Secure Sockets Layer). SSL is a standard for securing communication through encryption. For more detail about cryptography, see this other post about JCA.

How it works

You can tell that a site uses SSL (HTTPS) when, for example, a padlock is visible in the address bar. The padlock indicates that the page is safe and uses a certificate. To see the certificate, just click on the padlock.

If your application needs to communicate with this service, you must get this certificate. Access the site and download the file. This certificate contains the public key used to authorize the communication.

Let's look at two important files involved in the storage of keys.

Truststore

The Truststore is the file with the public key. This file is used to establish the connection over SSL. The file is cacerts, which you will find inside the folder '$JAVA_HOME/jre/lib/security'.

When you download the certificate, you should add it to the cacerts file. This is done with keytool, the Java tool for manipulating keys and certificates.

$JAVA_HOME/bin/keytool -importcert -file yourCert.cer -keystore $JAVA_HOME/jre/lib/security/cacerts -alias "CertName" -storepass changeit

The command to list and verify is:

$JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
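The same import and list steps can be done in code against a separate, application-specific truststore instead of the JVM-wide cacerts file. The following is an added example, not code from the original post: the class name AppTrustStore and the fallback of reusing the first cacerts entry as a sample certificate are assumptions made so that it runs without a downloaded file. The resulting SSLContext trusts only the imported certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class AppTrustStore { // hypothetical class name
    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // default password named in the post

        // Load the JVM default truststore; java.home resolves to the runtime directory.
        KeyStore cacerts = KeyStore.getInstance(KeyStore.getDefaultType());
        String path = System.getProperty("java.home") + "/lib/security/cacerts";
        try (InputStream in = new FileInputStream(path)) {
            cacerts.load(in, pass);
        }

        // Certificate to trust: a .cer file passed as the first argument, or
        // (assumption, for an offline demo) the first entry already in cacerts.
        Certificate cert;
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) {
                cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        } else {
            String first = Collections.list(cacerts.aliases()).get(0);
            cert = cacerts.getCertificate(first);
        }

        // Same effect as "keytool -importcert -alias CertName", but into an
        // empty in-memory truststore, so the global cacerts file is untouched.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("CertName", cert);

        // Same effect as "keytool -list": enumerate the trusted entries.
        for (String alias : Collections.list(trust.aliases())) {
            System.out.println(alias + " trustedCert=" + trust.isCertificateEntry(alias));
        }

        // Build an SSLContext that trusts only the entries in this truststore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```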

Keystore

The Keystore has the private key and certificate. It is used by the application server. To add and list the certificates you can use the same commands.

PS

PS: After every update to this file, you must restart your server.

PS: "changeit" is the default password. You can change this password and the location of the certificate files.

Conclusion

Working with SSL in Java is not a big deal. However, it can cause some headaches. Usually, the problems are related to where the files are stored, or to forgetting to restart the server.

Pay attention to $JAVA_HOME. The server will look for the cacerts file in that place by default.
