
regarding cacerts from JAVA_HOME\jre\lib\security

Preetham Chandrasekhar
Ranch Hand

Joined: Nov 05, 2003
Posts: 98
Hi All,

I have some problems with secure connections. My jargon might not be at its best in this case coz I am relatively new to SSL and secure Java programming. Here's the situation:

I have a client certificate which I have to include in my code to get access to a secure site. They asked me to create a keystore and a truststore. I created them and stored them in my c: directory for testing purposes and easy access. I didn't place anything in jre1.5.0_02\lib\security. My piece of code looks like this -


char[] cert_passphrase = "YOUR_CERT_PASSWORD".toCharArray();
char[] store_passphrase = "YOUR_STORE_PASSWORD_or_changeit".toCharArray();

// SSLContext object, a protocol implementation that behaves as a
// factory for secure socket factories.
SSLContext ctx = SSLContext.getInstance("TLS","SunJSSE");

// Keystore object for the client certificate. Essentially an in-memory
// collection of private keys and any associated certificate chains.
// Use the path to the client (private) .pfx/.p12 certificate file and
// the certificate passphrase.
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("C:\\certfile.pfx"), cert_passphrase);

// KeyManagerFactory object needed to associate the client certificate with
// the SSLContext object.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
keyManagerFactory.init(keyStore, cert_passphrase);

// Keystore object for the store (to access trusted server certs or CAs).
// Use the path to the global JRE "cacerts" file or a local ".keystore" file
// and the store passphrase.
KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
trustedKeyStore.load( new FileInputStream("C:\\castore.jks"), store_passphrase);

// TrustManagerFactory object needed to associate the root store with the
// SSLContext object
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");

// Associate both the client certificate and the root store with the
// SSLContext object
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

// Create an SSLSocketFactory using the SSLContext object and use that
// factory as the default factory for HTTPS connections.
SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();

// Choose either the beta or production target POST URL
URL url = new URL("");
// URL url = new URL("");

// Create a URLConnection object, enable I/O, disable caching, set the Content-Type
URLConnection c = url.openConnection();


now...all of the above validates fine....doesn't throw exceptions anywhere but after - when I try to get an outputStream as in


OutputStream out = c.getOutputStream();


I get the following error: No trusted certificate found

And yes, I do have the certificate in my IE - internet options - content - certificates and it is valid till 2007.

Should I place the certificate in the jre? Is that a must? I might be doing something really stupid here...hehee...but any help would be really appreciated.

"In theory, there is no difference between theory and practice. But, in practice, there is." - Jan L.A. van de Snepscheut
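An added example, not part of the original post: in the code as posted, the TrustManagerFactory is never initialised with trustedKeyStore and the SSLSocketFactory is never set on the connection, so this sketch shows both steps with a custom trust store kept outside the JRE's cacerts. The class name, the environment variable names and the command-line arguments are assumptions made for this example, and it assumes Java 7 or later.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

public class ClientCertConnection { // hypothetical class name
    // Load a keystore of the given type ("PKCS12" or "JKS") from a file.
    static KeyStore load(String type, String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass);
        }
        return ks;
    }

    static SSLContext buildContext(KeyStore client, char[] keyPass, KeyStore trust) throws Exception {
        // Fail early if the trust store holds no CA/server certificates at all.
        int anchors = 0;
        for (String alias : Collections.list(trust.aliases()))
            if (trust.isCertificateEntry(alias)) anchors++;
        if (anchors == 0) throw new IllegalStateException("trust store has no trusted certificate entries");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(client, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // ties the custom trust store to the trust managers
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection c = (HttpsURLConnection) url.openConnection();
        c.setSSLSocketFactory(ctx.getSocketFactory()); // otherwise the JVM default factory is used
        return c;
    }

    public static void main(String[] args) throws Exception {
        // Passphrases are read from environment variables (names assumed for this example).
        String kp = System.getenv("CLIENT_P12_PASS"), tp = System.getenv("TRUSTSTORE_PASS");
        if (args.length != 3 || kp == null || tp == null) {
            System.err.println("usage: ClientCertConnection <client.p12> <truststore.jks> <https-url>");
            return;
        }
        SSLContext ctx = buildContext(load("PKCS12", args[0], kp.toCharArray()), kp.toCharArray(),
                                      load("JKS", args[1], tp.toCharArray()));
        System.out.println("HTTP " + open(new URL(args[2]), ctx).getResponseCode());
    }
}
```

The trust store passed in must contain the CA certificate (or the server certificate itself) that the remote site's chain leads to; a certificate visible in Internet Explorer's store is not seen by the JVM.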