Solaris tip of the week: Managing self-signed certificates
In a development environment you may have to interact with self-signed certificates, which
are used to secure the services you offer. To communicate with a secured service that
presents a self-signed certificate, a client imports the certificate into a local truststore
or certificate database. When I import a certificate, I usually have to refer to
the relevant man pages .... but I've done it enough times that
I decided to create a utility to automate the process.
Here's a Java CertificateManager NetBeans project that can be used to
import a self-signed certificate from a remote host into a Java keystore of your choice.
Usage: java -jar CertificateManager.jar -url https://{hostname}:{port} [-keystore {keystore}] [-pw {password}]
default keystore: ${java.home}/lib/security/cacerts
default pw: changeit
In order for the CertificateManager to accept self-signed certificates itself, I found the very useful SSLUtilities.java class.
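As an added illustration (my own code, not the CertificateManager project's), here is a minimal Java program that does what the -url/-keystore/-pw options describe: it completes one TLS handshake with a trust manager that captures the presented chain (the role SSLUtilities plays in the project), prints the leaf certificate's SHA-256 fingerprint so it can be checked against the server out of band, and stores the certificate as a trusted entry in the keystore. The class name FetchCert, the argument order and the explicit alias argument are my assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical class and argument order: java FetchCert host port keystore password alias
public class FetchCert {
    // Records the chain the server presents instead of validating it. Only for
    // this one capture step; never install it in a real client.
    static final class CapturingTrustManager implements X509TrustManager {
        X509Certificate[] chain;
        public void checkClientTrusted(X509Certificate[] c, String authType) { }
        public void checkServerTrusted(X509Certificate[] c, String authType) { chain = c; }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // SHA-256 over the DER encoding, colon-separated hex, for an out-of-band check
    // against the server before the certificate is trusted.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }

    public static void main(String[] args) throws Exception {
        String host = args[0], ksPath = args[2], alias = args[4];
        int port = Integer.parseInt(args[1]);
        char[] pw = args[3].toCharArray();

        // One handshake is enough: the server sends its chain during it.
        CapturingTrustManager tm = new CapturingTrustManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.startHandshake();
        }
        X509Certificate leaf = tm.chain[0];
        System.out.println("Subject: " + leaf.getSubjectX500Principal());
        System.out.println("SHA-256: " + fingerprint(leaf));

        // Store the leaf as a trusted entry (same effect as keytool -importcert).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(ksPath)) { ks.load(in, pw); }
        ks.setCertificateEntry(alias, leaf);
        try (FileOutputStream out = new FileOutputStream(ksPath)) { ks.store(out, pw); }
    }
}
```

Compare the printed fingerprint with the one the server's administrator publishes (or with the server's own certificate file) before keeping the entry, since the capture step itself trusts whatever the network delivered.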
If you work with Sun LDAP/SSL Directory Server configurations that use self-signed certificates, you will know that the certificates used by LDAP are stored in the Mozilla-style certificate database, commonly created at /var/ldap on a native LDAP client. The certutil command is used to administer the LDAP certificate database; you can add your Java keystore certificate to the LDAP certificate database as follows:
# Import remote self-signed certificate into local java keystore
java -jar ../tools/CertificateManager.jar -url "${url}" -keystore "${ks}" -pw "${pw}"
# Export just that certificate (selected by its alias) in RFC/PEM form for import into the
# certificate database; without -alias, keytool would dump every entry in the keystore
keytool -list -rfc -alias "${alias}" -keystore "${ks}" -storepass "${pw}" > selfsigned.pem
# Import into the /var/ldap certificate database; -a reads the PEM (ASCII) form and
# -t CT marks it trusted as an SSL CA (C) and as an SSL peer (T)
/usr/sfw/bin/certutil -A -n "${alias}" -i selfsigned.pem -a -t CT -d /var/ldap
HTH ...
Jay