How 2 allow untrusted servercertificates with javax.net.ssl.SSLSocket?

[cra]

Hi,

I want to use SSL simply to crypt data. It is *not* important to me to validate the identity of the server. So how do I convince javax.net.ssl.SSLSocketFactory and SSLSocket to accept *any* server certificate when I open a connection in my Java client?

I created the server certificate using OpenSSL and signed it by myself using an own certificate authority. I imported it using keytool, but then another question: How to set the keystored password programmatically in my client program?

The optimal solution would be to allow any server certificate by programming, not by keytool.

Does anyone have an idea?

P.S. I searched the whole tek-tips site already and found no answers

 

[frag]

Hi!

Sorry, but I can't tell you how to get rid of the certificate but I can show you how make get around the the password for the client.
I solved this in the following way:

1. Generate your self-signed certificate (you already did that)
2. Copy the certificate into the server's directory and into the client's directory.
3. Call the server like this: java -Djavax.net.ssl.keyStore=myKeystore -Djavax.net.ssl.keyStorePassword=myPassword myServer
4. Call the client: java -Djavax.net.ssl.trustStore=myKeystore myClient

There you go, no need to enter a password for the client.


Cheers

frag


patrick.metz@epost.de