Using SSLContext with just a CA certificate and no keystore

by

Is is really true that there is no way around of generating a keystore
file and importing the CA certificate?

There are way to do it without a keystore file, but since you would have to load the CA certificate you want to trust one way or another, you’ll have to load a file or resource somehow.

(You could also certainly implement your own TrustManager that makes all the calls to use the Certification Path API, without using the KeyStore API at all, but that would only increase the complexity of your code, not reduce it. You would also need to understand the Java PKI Programmer’s Guide to do this correctly.)

If you really don’t want a keystore file, you could use the KeyStore API in memory and load the certificate directly.

Something along these lines should work (not tested):

InputStream is = new FileInputStream("cacert.crt");
// You could get a resource as a stream instead.

CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);

TrustManagerFactory tmf = TrustManagerFactory
    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null); // You don't need the KeyStore instance to come from a file.
ks.setCertificateEntry("caCert", caCert);

tmf.init(ks);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);

(Remember to close everything and handle the exceptions.)

Whether loading the certificate this way or loading the certificate into a similar KeyStore instance from a keystore file is more convenient is up to you to decide.

More Related Contents:

  1. Does Java support Let’s Encrypt certificates?
  2. How can I use different certificates on specific connections?
  3. why doesn’t java send the client certificate during SSL handshake?
  4. Import PEM into Java Key Store
  5. Using a custom truststore in java as well as the default one
  6. java – path to trustStore – set property doesn’t work?
  7. What is Keystore?
  8. How to build a SSLSocketFactory from PEM certificate and key without converting to keystore?
  9. Java: Loading SSL Keystore via a resource
  10. Setting multiple truststore on the same JVM
  11. How do I list / export private keys from a keystore?
  12. Can we load multiple Certificates & Keys in a Key Store?
  13. Why does SSL handshake give ‘Could not generate DH keypair’ exception?
  14. Problems using Maven and SSL behind proxy
  15. javax.net.ssl.SSLException: Received fatal alert: protocol_version
  16. How to programmatically set the SSLContext of a JAX-WS client?
  17. Error building AAB – Flutter (Android) – Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
  18. Java SSL: how to disable hostname verification
  19. Problems connecting via HTTPS/SSL through own Java client
  20. How to enable SSL 3 in Java
  21. Choosing SSL client certificate in Java
  22. How do I run my application as superuser from Eclipse?
  23. Java and SSL – java.security.NoSuchAlgorithmException
  24. How set up Spring Boot to run HTTPS / HTTP ports
  25. java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
  26. How do I programmatically create a new KeyStore?
  27. How to connect to a secure website using SSL in Java with a pkcs12 file?
  28. How Can I Access an SSL Connection Through Android?
  29. SSLSocket ignores domain mismatch
  30. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”

Leave a Comment