java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer
Rather than mixing runtime and policy file versions, you should use the policy files for Java 7.
jsse
Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security folder?
I think you want to specify the truststore: java -Djavax.net.ssl.trustStore=/home/gene/mycacerts … Or if you are using certs through JSSE (you probably are), you can copy your truststore to jssecacerts in the $JAVA_HOME/jre/lib/security/ directory (although you’d still have to do that each time a JDK got installed/reinstalled). Sun’s JSSE looks for $JAVA_HOME/jre/lib/security/jssecacerts before $JAVA_HOME/jre/lib/security/cacerts. See http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager
java – path to trustStore – set property doesn’t work?
You have a typo – it is trustStore. Apart from setting the variables with System.setProperty(..), you can also use -Djavax.net.ssl.keyStore=path/to/keystore.jks
Registering multiple keystores in JVM [duplicate]
Raz’s answer was a great start, but wasn’t quite flexible enough to meet my needs. The MultiStoreKeyManager explicitly checks the custom KeyManager and then falls back to the jvm KeyManager if an operation fails. I actually want to check jvm certs first; the best solution should be able to handle either case. Additionally, the answer … Read more
Why does java have both the cacerts and jssecacerts files?
From Java™ Secure Socket Extension (JSSE) Reference Guide, TrustManagerFactory uses the following steps to try to find trust material: system property javax.net.ssl.trustStore java-home/lib/security/jssecacerts java-home/lib/security/cacerts (shipped by default) I think this is based on convention over configuration concept. Without extra coding effort, cacert will be used. For extra private CA/Signing certs, a developer either can use … Read more
javax.net.ssl.SSLException: Received fatal alert: protocol_version
On Java 1.8 default TLS protocol is v1.2. On Java 1.6 and 1.7 default is obsoleted TLS1.0. I get this error on Java 1.8, because url use old TLS1.0 (like Your – You see ClientHello, TLSv1). To resolve this error You need to use override defaults for Java 1.8. System.setProperty(“https.protocols”, “TLSv1”); More info on the … Read more
scp transfer via java
I ended up using Jsch– it was pretty straightforward, and seemed to scale up pretty well (I was grabbing a few thousand files every few minutes).
Java client certificates over HTTPS/SSL
Finally solved it ;). Got a strong hint here (Gandalfs answer touched a bit on it as well). The missing links was (mostly) the first of the parameters below, and to some extent that I overlooked the difference between keystores and truststores. The self-signed server certificate must be imported into a truststore: keytool -import -alias … Read more
Keystore type: which one to use?
There are a few more types than what’s listed in the standard name list you’ve linked to. You can find more in the cryptographic providers documentation. The most common are certainly JKS (the default) and PKCS12 (for PKCS#12 files, often with extension .p12 or sometimes .pfx). JKS is the most common if you stay within … Read more
How can I use different certificates on specific connections?
Create an SSLSocket factory yourself, and set it on the HttpsURLConnection before connecting. … HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); conn.setSSLSocketFactory(sslFactory); conn.setMethod(“POST”); … You’ll want to create one SSLSocketFactory and keep it around. Here’s a sketch of how to initialize it: /* Load the keyStore that includes self-signed cert as a “trusted” entry. */ KeyStore keyStore = … Read more