Java Programs Communicating with HTTPS Servers

PKI Tutorials - Herong's Tutorial Examples

∟Java Programs Communicating with HTTPS Servers

This chapter provides tutorial notes and example codes on writing Java programs communicating with HTTPS servers. Topics include using Java Secure Socket Extension (JSSE); using openStream() method in the java.net.URL class; using default trusted CA KeyStore file 'cacerts'; using 'keytool' to manage KeyStore files; using system property: javax.net.ssl.trustStore to override KeyStore file.

Java Secure Socket Extension (JSSE)

Using openStream() Method in java.net.URL Class

javax.net.ssl.trustStore System Property

Default Trusted KeyStore File - cacerts

PKIX Path Building Failed - No CA Certificate

Using openConnection() Method in java.net.URL Class

Conclusions:

Java Secure Socket Extension (JSSE) is JDK built-in extension to allow other SSL/TLS protocol and Public Key Infrastructure (PKI) implementations to be plugged in seamlessly.
With JSSE included, the openStream() method in java.net.URL class can be used to connect to an HTTPS server.
JSSE always verifies the server certificate against trusted root CA and intermediate CA certificates stored in a default KeyStore file, "cacerts".
JDK includes a command line tool, "keytool", for you to manage KeyStore files.
The default KeyStore file "cacerts" is password protected. The password is "changeit".
JSSE allows you override the KeyStore file by using the system property: javax.net.ssl.trustStore.