users@glassfish.java.net

Re: Add SSL certs at runtime

From: Shing Wai Chan <Shing-Wai.Chan_at_Sun.COM>
Date: Tue, 20 Feb 2007 10:02:12 -0800

Hi Danny,
In production env, one will have certificates from common CAs, like
Versign et al.
By default, GlassFish trusts those certs.
If you are using self-signed certs (as in developer env), then you have
to copy those certs to cacerts.jks as mentioned below.
As an alternative, you can have your own CA and then sign all your own
certs.
(You can use NSS tools here!)
In this case, you only need to import your own CA cert into cacerts.jks.
Thanks.
     Shing Wai Chan

glassfish_at_javadesktop.org wrote:
> Hi,
>
> does anybody know a way to add SSL certs that I want to trust to glassfish at
> runtime? In my business logic I use a library that connects via HTTPS to a remote
> host and always fails until I add the certificate to
>
> $GLASSFISH_HOME/domains/<domain>/config/cacerts.jks
>
> and restart Glassfish.
>
> The tricky part now is that the remote host is defined by the user so I have to find a
> way to trust any certificate. Is there any way to set some kind of policy, some way of
> trusting a cert?
>
> Thanks for any help!
> -Danny
> [Message sent by forum member 'dan_b' (dan_b)]
>
> http://forums.java.net/jive/thread.jspa?messageID=204236
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>