
regarding cacerts from JAVA_HOME\jre\lib\security

Preetham Chandrasekhar
Ranch Hand
Posts: 98
Hi All,

I have some problems with secure connections. My jargon might not be at its best in this case coz I am relatively new to SSL and secure Java programming. Here's the situation:

I have a client certificate which I have to include in my code to get access to a secure site. They asked me to create a keystore and a truststore. I created them and stored them in my c: directory for testing purposes and easy access. I didn't place anything in jre1.5.0_02\lib\security. My piece of code looks like this -


char[] cert_passphrase = "YOUR_CERT_PASSWORD".toCharArray();
char[] store_passphrase = "YOUR_STORE_PASSWORD_or_changeit".toCharArray();

// SSLContext object, a protocol implementation that behaves as a
// factory for secure socket factories.
SSLContext ctx = SSLContext.getInstance("TLS","SunJSSE");

// Keystore object for the client certificate. Essentially an in-memory
// collection of private keys and any associated certificate chains.
// Use the path to the client (private) .pfx/.p12 certificate file and
// the certificate passphrase.
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("C:\\certfile.pfx"), cert_passphrase);

// KeyManagerFactory object needed to associate the client certificate with
// the SSLContext object.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
keyManagerFactory.init(keyStore, cert_passphrase);

// Keystore object for the store (to access trusted server certs or CAs).
// Use the path to the global JRE "cacerts" file or a local ".keystore" file
// and the store passphrase.
KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
trustedKeyStore.load( new FileInputStream("C:\\castore.jks"), store_passphrase);

// TrustManagerFactory object needed to associate the root store with the
// SSLContext object
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");

// Associate both the client certificate and the root store with the
// SSLContext object
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

// Create an SSLSocketFactory using the SSLContext object and use that
// factory as the default factory for HTTPS connections.
SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();

// Choose either the beta or production target POST URL
URL url = new URL("");
// URL url = new URL("");

// Create a URLConnection object, enable I/O, disable caching, set the Content-Type
URLConnection c = url.openConnection();


now...all of the above validates fine....doesn't throw exceptions anywhere but after - when I try to get an outputStream as in


OutputStream out = c.getOutputStream();


I get the following error: No trusted certificate found

and yes I do have the certificate in my IE - internet options - content - certificates and it is valid till 2007.

Should I place the certificate in the JRE? Is that a must? I might be doing something really stupid here...hehee...but any help would be really appreciated.
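
Added example, not part of the original post: the comments in the posted code describe associating the root store with the SSLContext and using the socket factory for HTTPS connections, but no statement passes trustedKeyStore to the TrustManagerFactory or attaches sslSocketFactory to the connection. The sketch below performs both steps and lists the trust store's entries. The class name, the command-line argument layout and the use of Java 7+ try-with-resources are assumptions, and passing passwords as arguments is for the demonstration only.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; usage:
//   java ClientCertPost <client.pfx> <pfx-pass> <truststore.jks> <jks-pass> <https-url>
public class ClientCertPost {

    // Load a keystore of the given type ("PKCS12" or "JKS") and close the file afterwards.
    static KeyStore load(String type, String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    static SSLContext buildContext(KeyStore identity, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        // init(trust) is what makes the custom store the source of trust anchors.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore identity = load("PKCS12", args[0], args[1].toCharArray());
        KeyStore trust = load("JKS", args[2], args[3].toCharArray());
        // The server's CA (or the server certificate itself) must be one of these entries.
        System.out.println("Trust store entries: " + Collections.list(trust.aliases()));

        SSLContext ctx = buildContext(identity, args[1].toCharArray(), trust);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[4]).openConnection();
        // Attach the factory to this connection; otherwise the JRE default trust store is used.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {   // TLS handshake happens here
            out.write(new byte[0]);
        }
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```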