public class InstallCert extends Object
A program to obtain SSL certificate(s) from a host and save them to a keystore and optionally install them in local JSSE storage; the program collects SSL/TLS certificates from plain SSL/TLS hosts, and also from hosts that operate with STARTTLS extension for LDAP, SMTP, POP3 and IMAP.
Original article: http://blogs.sun.com/andreas/entry/no_more_unable_to_find
Original source: http://blogs.sun.com/andreas/resource/InstallCert.java
Author: Andreas Sterbenz, 2006
Currently available at: https://java.net/projects/javamail/pages/InstallCert
Current Google Code branch as web page: http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java
Current Google Code branch as Java code: http://java-use-examples.googlecode.com/svn/trunk/src/com/aw/ad/util/InstallCert.java
Source path in Google Code repository: svn/ trunk/ src/ com/
aw/ ad/ util/ InstallCert.java
Approach to STARTTLS with JavaMail: Eugen Kuleshov and Dmitry I.
Platonoff, JavaWorld.com, August 31, 2001
Java Tip
115: Secure JavaMail with JSSE
Merged together by: Sergey Ushakov (usn), 2012–2013
Use without STARTTLS extension for SMTP, POP3 and IMAP
protocols:
java -jar installcert-usn-....jar <host>[:<port>]
[<truststore_password>]
Default port is 443.
Default truststore password is "changeit" as per JSSE convention.
The program uses a keystore file named "extracerts" in the current
directory to store the new certificates, and also attempts to add them to
the standard system keystore jssecacerts
, see http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager.
Example:
java -jar installcert-usn-20140115.jar
ecc.fedora.redhat.com
Use with STARTTLS extension for SMTP, POP3 and IMAP protocols:
on Windows:
java -cp installcert-usn-....jar;.../javax.mail.jar
usn.net.ssl.util.InstallCert <host>[:<port>]
[<password>]
on *ix:
java -cp installcert-usn-....jar:.../javax.mail.jar
usn.net.ssl.util.InstallCert <host>[:<port>]
[<password>]
Be sure to provide the real path to your local copy of
javax.mail.jar
:)
See Oracle Notes for use of SSL with JavaMail.
Modifier and Type | Class and Description |
---|---|
protected static class |
InstallCert.SavingTrustManager
An
X509TrustManager subclass that accumulates unknown
certificates in order to allow saving them afterwards. |
Modifier and Type | Field and Description |
---|---|
(package private) static SSLContext |
context |
(package private) static String |
EXTRA_CERTS_FILE_NAME |
(package private) static String |
PROGRAM_TERMINATED |
(package private) static String[] |
savedArgs |
Modifier and Type | Method and Description |
---|---|
(package private) static String |
ask(String prompt) |
(package private) static String |
getCommonName(X509Certificate cert) |
(package private) static String |
joinStringArray(String[] array,
String delimiter) |
static void |
main(String[] args)
Run the program from command line.
|
(package private) static void |
terminateWithErrorMessage(Throwable e,
String context) |
(package private) static void |
terminateWithUsageMessage() |
(package private) static String |
toHexString(byte[] bytes) |
static final String PROGRAM_TERMINATED
static final String EXTRA_CERTS_FILE_NAME
static SSLContext context
static String[] savedArgs
public static void main(String[] args) throws Exception
args
- command line arguments as: <host>[:<port>]
[<truststore_password>]
Exception
static void terminateWithUsageMessage()
static String toHexString(byte[] bytes)
static String ask(String prompt) throws IOException
IOException
static String getCommonName(X509Certificate cert) throws InvalidNameException
InvalidNameException