Test if Java trusts an SSL certificate
Posted
by
Eric R. Rath
on Stack Overflow
See other posts from Stack Overflow
or by Eric R. Rath
Published on 2013-07-02T17:02:15Z
Indexed on
2013/07/02
17:05 UTC
Read the original article
Hit count: 252
java
|ssl-certificate
My java web application uses the standard mail libraries to establish an IMAPS connection to a mail server under my control. The mail server used a valid SSL cert issued by a CA. When the cert expired, I renewed it from the same CA, and put the cert into use. But my web application wouldn't trust the new cert. We had never explicitly trusted the old cert, or managed any trust stores.
I talked with someone from the CA, and we tracked it down to a difference in the intermediate certs between the old and new cert. The old one used multiple intermediates, including one tied to a root that must've been trusted by default by our version of Java. The new cert used only one intermediate cert, and it was tied to a root missing from our Java version's default trusted cert store.
When we renew this cert again in the future, is there an easy way, given a new crt and intermediate crt file, test if Java will consider that cert valid? I didn't see anything in keytool that looked promising. A code solution is okay, but I'd prefer one based on the Java command-line tools.
© Stack Overflow or respective owner