InstallCert.java - console app that allows you to get and download ssl keys from webservice you're trying to work with
Recently i was working on one of my Test Frameworks for API and i had to work with https. I faced with :
Here's how it works : The most simple way is exception during their execution. The reason was that i was working with dev server that has self signed certificate, which was absent in my local keystore. So, i googled a little bit and found this nice Java console app that allowed you in a very simple manner get a certificate. But in my case i need to use Proxy sometimes and that's why i decided to improve this app and add proxying possibilities to it. Final result can be found here
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
In this case InstallCert will look for ssl certificates on https://google.com:443. Here's it's output
java InstallCert host=google.com
You simply press 1 and hit Enter button. As a result, you'll have your certificate added to your default keystore
host = google.com
Connecting to address without enabled proxy settings.
Loading KeyStore C:Program FilesJavajre7libsecuritycacerts...
Opening connection to google.com:443...
Starting SSL handshake...
No errors, certificate is already trusted
Server sent 3 certificate(s):
1 Subject CN=*.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
Issuer CN=Google Internet Authority G2, O=Google Inc, C=US
sha1 3c 6b de 6c a0 a1 ae 6a e9 d5 bf b3 67 ab 12 4e 1b 98 8b fb
md5 27 91 da c0 73 30 85 db e3 23 ef 7d 6f aa 7f cd
2 Subject CN=Google Internet Authority G2, O=Google Inc, C=US
Issuer CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
sha1 d8 3c 1a 7f 4d 04 46 bb 20 81 b8 1a 16 70 f8 18 34 51 ca 24
md5 9e 4a c9 64 74 24 51 29 d9 76 67 00 41 2a 1f 89
3 Subject CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer OU=Equifax Secure Certificate Authority, O=Equifax, C=US
sha1 73 59 75 5c 6d f9 a0 ab c3 06 0b ce 36 95 64 c8 ec 45 42 a3
md5 2e 7d b2 a3 1d 0e 3d a4 b2 5f 49 b9 54 2a 2e 1a
Enter certificate to add to trusted keystore or 'q' to quit: [1]
To check that everything went well you can run this command again and you should see :
[
[
Version: V3
Subject: CN=*.google.com, O=Google Inc, L=Mountain View, ST=California
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun EC public key, 256 bits
public x coord: 656756547611416355835880201008930358845723006450213197
628251447943028
public y coord: 396827319974765304927937356957360152389742209992235777
66752587796918
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.
Validity: [From: Wed Dec 11 13:34:50 CET 2013,
To: Thu Apr 10 02:00:00 CEST 2014]
Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US
SerialNumber: [ 4445eb4c d2c191ad]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://pki.google.com/GIAG2.crt
,
accessMethod: ocsp
accessLocation: URIName: http://clients1.google.com/ocsp
]
]
...
[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4E A2 DC AC DF 9C 45 35 DE A0 F7 C1 0A A6 88 19 N.....E5.......
0010: B7 6B D1 F7 .k..
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 71 BD 84 65 33 2E 28 65 AB 5D 2A C8 1F 38 47 9A q..e3.(e.]*..8G
0010: 43 DF BF 49 70 45 56 4C D9 D8 31 67 53 B5 82 40 C..IpEVL..1gS..
0020: 4B BE D4 61 39 82 A7 25 7A 7F 27 B9 AE F0 1F 32 K..a9..%z.'....
0030: 38 1E 7B 32 C9 8A A1 8E C6 66 5B 45 96 85 25 FB 8..2.....f[E..%
0040: DB D7 05 9B 40 1B 44 DC 8D 19 2D 94 0F FE 0B 67 ....@.D...-....
0050: E9 7D 8F 2B 93 50 B4 51 DF D0 97 4A A1 73 B3 46 ...+.P.Q...J.s.
0060: 26 A8 E7 21 20 5D 5E 86 5D C2 1B D9 0B B9 E5 95 &..! ]^.]......
0070: FE 87 2F 2A 99 B1 3D 8D F9 59 A6 B6 0B A4 A4 91 ../*..=..Y.....
0080: 81 4E EA 03 8F 6C 42 18 89 27 2C 88 C6 E9 50 A9 .N...lB..',...P
0090: 45 69 1E 82 BD 22 48 2B A0 5C E9 37 86 51 CD 57 Ei..."H+..7.Q.
00A0: 8B C6 ED 7E FE E7 B6 F8 FC 82 9E AE E5 9D 1E 74 ...............
00B0: 18 5C 34 4C 2B 7A C5 3C C1 9B D5 AF F3 33 6C E8 .4L+z.00C0: AE 94 B1 3A 0B CD BD EF 9D 75 46 BD 91 F0 C0 55 ...:.....uF....
00D0: D2 87 46 5B AF 8B A1 9A 0F 8E 06 C4 F1 42 7C AB ..F[.........B.
00E0: 58 79 59 A5 F3 4D 98 6C 8C 97 93 B0 0E 8E A1 3E XyY..M.l.......
00F0: BF 11 83 D0 95 22 27 69 6A E8 66 84 8C 59 0D 49 ....."'ij.f..Y.
]
Added certificate to keystore 'cacerts' using alias 'google.com-1'
Besides that you can also specify :
Opening connection to google.com:443...
Starting SSL handshake...
No errors, certificate is already trusted