Using Self-Signed Certificates with Java and Maven

JAVA applications using JSSE (Java Secure Socket Extension) can’t connect to servers with self-signed or untrusted certificates by default. Maven for example is not able to download required dependencies from a nexus server, if that uses a self-signed certificate or the certificate authority is not recognized. If you try to connect to a server of that kind a security ValidatorException will be thrown:

To make maven or other application work with a server using an untrusted certificate you have to create your own truststore, which than contains the certificate of the server. Next you would have to make your application use this created truststore in order make connections to the server. This can be done in several ways, but before that you can either use the JAVA class provided below or the attached JAR file J2EECert.jar to create that truststore yourself.
Using the JAR:
Where host is the URL to your server and you can also supply a pass phrase if necessarily. After running this you will be ask, which of the at the server present certificates – if more than one – you wish to install. Finally a file named jssecacerts is created in the current folder. This your new KeyStor containing the selected certificate. To use it with your application you can either supply the KeyStor at runtime with -Djava.security.KeyStore=jssecacerts or you copy the file to $JAVA_HOME/jre/lib/security, where the default truststore – cacerts – already exists. If you want all JAVA applications to recognize the certificate as trusted and not just JSSE, you could also overwrite the cacerts file in that directory.
The Source:

 

File(s):

Further Reading:

Leave a Reply