Java web service over https - How to add a self-signed certificate into a client api?


I would like to write a client api which could use this service over https with a self-signed certificate. I have a self-signed certificate myCertificate.cer and a keystore containing it.

The server key store does contain the server's self-signed certificate and private key and is used by the server to sign messages and to return credentials to the client. On the client-side, you need to import the server certificate into the client trust store (and generally, you don't want the private key in the client trust store so you extract a stand-alone certificate file i.e. without the private key and then you import that server certificate in the trust store).

It works but I would like to use myCertificate.cer and not a keystore containing it. It's not a key store but a trust store and adding the certificate to the client trust store is required because self-signed certificates are not signed by a root CA and are not trusted by default. So you need to create a chain of trust.

Now, you can maybe distribute the trust store in the JAR of the client API. This approach is discussed in this thread (the biggest problem being that you'll have to redistribute the JAR when the server certificate expires). Personally, I don't really like this solution.

IMHO, the good solution if you want to skip the trust store stuff would be to buy a real certificate from a widely-known certificate vendor for which you already have root CA certificates in the trust store (like Verisign, Thawte).

+1 for suggesting the use of a certificate from a well known issuer. – Taylor Leese Feb 8 '10 at 23:24

I would just add the certificate to the cacerts file of the JDK running your app. If you do this then you won't have to do anything else. The code you have above wouldn't be required.

You add the certificate to the keystore by running a command similar to below: C://jre/lib/security/cacerts.
