Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown

regarding cacerts from JAVA_HOME\jre\lib\security

Ranch Hand
Posts: 98
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have some problems with secure connections. My jargon might not be at its best in this case coz I am relatively new to SSL and secure java programming. Here's the situation:

I have a client certificate which I have to include in my code to get access to a secure site. They asked me to create a keystore and a truststore. I created them and stored them in my c: directory for testing purposes and easy access. I didnt place anything in jre1.5.0_02\lib\security. My piece of code looks like this -


char[] cert_passphrase = "YOUR_CERT_PASSWORD".toCharArray();
char[] store_passphrase = "YOUR_STORE_PASSWORD_or_changeit".toCharArray();

// SSLContext object, a protocol implementation that behaves as a
// factory for secure socket factories.
SSLContext ctx = SSLContext.getInstance("TLS","SunJSSE");

// Keystore object for the client certificate. Essentially an in-memory
// collection of private keys and any associated certificate chains.
// Use the path to the client (private) .pfx/.p12 certificate file and
// the certificate passphrase.
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("C:\\certfile.pfx"), cert_passphrase);

// KeyManagerFactory object needed to associate the client certificate with
// the SSLContext object.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
keyManagerFactory.init(keyStore, cert_passphrase);

// Keystore object for the store (to access trusted server certs or CAs).
// Use the path to the global JRE "cacerts" file or a local ".keystore" file
// and the store passphrase.
KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
trustedKeyStore.load( new FileInputStream("C:\\castore.jks"), store_passphrase);

// TrustManagerFactory object needed to associate the root store with the
// SSLContext object
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");

// Associate both the client certificate and the root store with the
// SSLContext object
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

// Create an SSLSocketFactory using the SSLContext object and use that
// factory as the default factory for HTTPS connections.
SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();

// Choose either the beta or production target POST URL
URL url = new URL("";);
// URL url = new URL("";);

// Create a URLConnection object, enable I/O, disable caching, set the Content-Type
URLConnection c = url.openConnection();


now...all of the above validates fine....doesn't throw exceptions anywhere but after - when I try to get an outputStream as in


OutputStream out = c.getOutputStream();


I get the following error: No trusted certificate found

and yes I do have the certificate in my IE - internet options - content - certificates and it is valid till 2007.

Should I place the certificate in the jre? is that a must? I might be doing something really stupid here...hehee...but any help would be really appreciated.
You had your fun. Now it's time to go to jail. Thanks for your help tiny ad.
Thread Boost feature
    Bookmark Topic Watch Topic
  • New Topic