My question: if the user of my application didn't add his self-signed certificate to the JDK's keystore, is there a way I can automate this process? Is it possible to connect through SSL using only a self-signed certificate and force the JDK to accept this self-signed certificate?
"Computer science is no more about computers than astronomy is about telescopes" - Edsger Dijkstra
I don't have a lot of experience, but you should be able to create a dialog to let the user choose to accept the certificate and then programmatically call keystore.
Do not accept it behind the scenes, and seriously consider a signed certificate if you are going to offer your program to others. IMO, self-signed certs are acceptable for testing and internal use, like inside a LAN, but nothing else.
Rusty Shackleford wrote: I believe a KeyStoreException is thrown if there is a certificate problem. Here is more information about handling certificates.
The problem with your viewpoint is that the vast majority of computer users don't have the required knowledge to be able to make an informed decision about self-signed certificates. Many security professionals wouldn't be able to tell if it is valid or not either, unless they had prior knowledge of the certificate and its fingerprints. The difference is security pros would likely not accept it but could at least make an informed decision and your "average" user has been conditioned to blindly accept everything. This is the big flaw of SSL, but nothing better has been developed yet, but at least signed certificates strengthen the system quite a bit. Self-signed certificates are a small step up from transmitting data in the clear.
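The approach discussed in this thread, as an added example that is not code from any of the posters: the certificate is trusted only after its SHA-256 fingerprint matches a value the user obtained out of band, and it is stored in an application-owned truststore rather than the JDK's `cacerts`. The class name, the file name `app-truststore.p12`, the alias and the password are hypothetical placeholders; `HexFormat` requires Java 17 or later.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedSelfSignedTrust {
    // SHA-256 over the DER encoding: the value to compare with the operator's published fingerprint.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return HexFormat.ofDelimiter(":").withUpperCase().formatHex(digest);
    }

    // Add the certificate to an application-owned truststore; the JDK's cacerts is not modified.
    static KeyStore storeTrusted(Path file, char[] pw, String alias, X509Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) { ks.load(in, pw); }
        } else {
            ks.load(null, pw); // start with an empty store on first use
        }
        ks.setCertificateEntry(alias, cert);
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pw); }
        return ks;
    }

    // SSLContext whose trust anchors are exactly the entries of the given truststore.
    static SSLContext contextFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java PinnedSelfSignedTrust <certificate.pem> <expected-fingerprint>
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String actual = fingerprint(cert);
        if (!actual.equalsIgnoreCase(args[1])) throw new SecurityException("Fingerprint mismatch: " + actual);
        KeyStore ks = storeTrusted(Path.of("app-truststore.p12"), "changeit".toCharArray(), "server", cert); // placeholders
        SSLContext ctx = contextFor(ks); // pass ctx.getSocketFactory() to the HTTPS client
        System.out.println("Trusted for this application only: " + cert.getSubjectX500Principal());
    }
}
```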