Java programmatically create truststore and import certificates into it

In this video we are going to set up a truststore and then load certificates into it programmatically.
Up till now we were manually generating the truststore and then loading certs into it. Doing it in code means that, instead of opening a command prompt, Git Bash or a terminal window, using keytool to generate a truststore and then importing the certificates one by one, we simply use code to generate a truststore and load all the certs in a loop.
The truststore will be generated in memory, and we will then write it to disk.
Once it is saved to a location, we will set that location in the Java system properties and use the saved truststore to connect to the URL that is giving us the PKIX or SSL handshake exception.

I will create the truststore and store it in the temp directory; once the connection is complete, I will use the Java File class to delete the file on exit.
This approach is helpful if you simply want to add certs to a location and have them all loaded automatically when the program runs. When a cert expires, you can update the cert and trigger a redeploy.

We will use a Java system property to get the temp folder, the Java file separator to automatically apply the correct path separator (forward slash or backslash, depending on the OS the program is running on), and auto-closable logic to automatically close the file writers once the truststore is written.
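The steps described above, as an added sketch that is not the video's own source code. The certificate folder and target URL arguments, the `changeit` password, the `demo-truststore.ks` file name and the class name are assumptions made for illustration.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;

public class TempTrustStore {
    public static void main(String[] args) throws Exception {
        Path certDir = Paths.get(args[0]);            // assumed: folder holding the CA certs
        char[] password = "changeit".toCharArray();   // placeholder password

        // Build the truststore in memory: load(null, null) yields an empty store.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (DirectoryStream<Path> files = Files.newDirectoryStream(certDir, "*.{cer,crt,pem}")) {
            for (Path p : files) {
                try (InputStream in = Files.newInputStream(p)) {
                    X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                    cert.checkValidity(); // throws if the cert is expired or not yet valid
                    trustStore.setCertificateEntry(p.getFileName().toString(), cert);
                }
            }
        }
        if (trustStore.size() == 0) throw new IllegalStateException("no certificates in " + certDir);

        // Temp folder from the system property plus the OS-specific separator.
        File file = new File(System.getProperty("java.io.tmpdir") + File.separator + "demo-truststore.ks");
        file.deleteOnExit();
        try (OutputStream out = new FileOutputStream(file)) { // closed automatically
            trustStore.store(out, password);
        }

        // Set these before the first TLS connection: the default SSLContext reads them once.
        System.setProperty("javax.net.ssl.trustStore", file.getAbsolutePath());
        System.setProperty("javax.net.ssl.trustStorePassword", new String(password));
        System.setProperty("javax.net.ssl.trustStoreType", trustStore.getType());

        HttpsURLConnection conn = (HttpsURLConnection) URI.create(args[1]).toURL().openConnection();
        System.out.println("HTTP " + conn.getResponseCode()); // handshake is validated against our store
    }
}
```

A fixed file name in a shared temp folder can be created or replaced by another local account before the program reads it back; `Files.createTempFile` picks an unpredictable name instead. Setting `javax.net.ssl.trustStore` replaces the JDK's default `cacerts` for the whole JVM, so every HTTPS endpoint the program calls must chain to a certificate in the folder.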

Channel: #RahulRandomLearnings

Opinion Disclaimer:
The views and opinions expressed here are my own and not the views of my employer.
The content uploaded on my channel is not intended to malign any religion, ethnic group, club, organization, company, individual or anyone or anything.
Comments

Based on the comments/requests below, I have created a video to programmatically create a KeyStore + TrustStore and import certificates into it.

This covers how to add a p12 into the keystore and multiple key formats.

rahulrandomlearnings

Nicely explained. Covering relevant details.

asadnayani

Nicely Explained, good example! Thanks!

Pooja-mlop

What is truststorepath? And why is it needed, since the cert file is already loaded as a filestream?

devpriya

Let's say we have a lot of Intermediate and Root certificates. Can we dynamically download these certs so as not to do it manually through the browser? If so, how often is this practiced in reality?🤔

snoopygr

And I have one doubt: we need to verify the trusted certificate against the certificate shared by the server, right? Please share code related to it.

mannepallisreenivasulu

We are using a Spring Boot application, and we want to disable SSL certificate validation in code. Is that possible?

archanayuvaraj

Hi Rahul, thanks for the information 👏👏
How do I add the jks file to the trusted keys in the JDK? Please provide the keytool commands for creating a .jks from a .cer file.

abhilashp

Hi Rahul, I am getting "Keystore was tampered with, or password was incorrect". Any idea about this error?

irshadmohammedyakubkhan

@rahul Why do we need to take root certs only, why not secondary certs?

brahmadarapaneni

If we can access with root certs, then why do we have intermediate certs, Rahul?

brahmadarapaneni

Thank you for the video. So that means that we can deploy the code without having to worry whether the server that we are hosting our application on allows https requests or not?
Let's say that my app is on Kubernetes or WildFly but I can't set the https/ssl there, but I can set up a keystore locally like in your previous video. Now I can run it locally, but I will still be facing the PKIX problem when they deploy it. So the alternative is the approach you used in this video, since the certificate is in the project directory and will be deployed along with the code?

heliocavadissa

Are API certs and browser certs the same?

brahmadarapaneni

Hello Rahul, what should I do if I have one cer and one key file, but the key file is very long? How do I configure the Java code?

pabbusrinu

Hey, I am getting this error: JKS not found.
What should I do to resolve this? Thanks in advance.

dost-malone

What if I have a pfx file with a private key instead of a .cer? What changes do I need to make in that case?

gopalrao

Hi Rahul, what should I do if I have multiple cer files and one key file?

amrutapatil

Please, I got this error:
SSLHandshakeException: Received fatal alert: handshake_failure

Please, any help on what it can be?

AhmedKhaled-hemf

Thanks very much.
Please, can we get your Java source code?

AhmedKhaled-hemf