Categories:
Android (13)
Apple Mac (29)
DH Keys (39)
DSA Keys (69)
EC Keys (551)
Firefox (31)
General (12)
Google Chrome (25)
Intermediate CA (152)
Java VM (33)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (22)
OpenSSL (237)
Other (7)
Portecle (38)
Publishers (2674)
Revoked Certificates (30)
Root CA (89)
RSA Keys (2213)
Tools (46)
Tutorial (3)
What Is (22)
Windows (129)
Collections:
Other Resources:
Server Certificate Validation In Java
How a Java application validates the certificate received from a server? Is the server's certificate automatically trusted?
✍: FYIcenter.com
No. Server's certificate will not be automatically trusted by any Java application.
When a Java application receives a certificate from a server,
it will try to validate the certificate again trusted certificates
following these rules:
1. If JVM system properties: javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword are defined, Java application will search for trusted certificates in the keystore file specified injavax.net.ssl.trustStore.
2. If javax.net.ssl.trustStore is not defined, Java application will search for trusted certificates in the default keystore file located at $JAVA_HOME/lib/security/jssecacerts.
3. If $JAVA_HOME/lib/security/jssecacerts does not exist, Java application will search for trusted certificates in the default keystore file located at $JAVA_HOME/lib/security/cacerts.
4. If a trusted certificate is found and it matches the root certificate in the certificate chain of the server certificate, the server certificate will be considered as trusted and the communication with server will continue.
5. If no trusted certificate is found to match the root certificate in the certificate chain of the server certificate, the server certificate will be considered as not trusted and the communication with server will stop. A Java exception error will be returned.
⇒ What Is JKS (Java KeyStore) File
⇐ Using Certificates with Java VM
2012-07-21, 6365👍, 0💬
Popular Posts:
Certificate summary - Owner: a248.e.akamai.net, "Akamai Technologies, Inc.", US Issuer: GTE CyberTru...
Certificate Summary: Subject: VeriSign, Inc., VeriSign International Server CA - Class ... Issuer: C...
How to view general information of a certificate in Firefox? I want to know when is the expiration o...
Certificate summary - Owner: USERTrust Legacy Secure Server CA, The USERTRUST Network, L=Salt Lake C...
How to get a list of all certificates in "Third-Party Root Certification Authorities" certificate st...