This discussion is archived
3 Replies Latest reply: Sep 21, 2012 1:48 PM by sabre150 RSS

How can a Java app validates and accepts a server certificate?

894552 Newbie
Currently Being Moderated
Hi,

I got a Java 1.6 client, running on JBoss 6, which is required to make SSL connection to LDAP server.

The first time when the Java client makes a secure ldap connection to LDAP Server, the server will send a certificate to the client. Once the client receives the certificate, it has to validate if the certificate is signed by a trusted CA. If it is, the client accepts and saves the certificate in a keystore. So, the certificate can be used later on.

As I known, most Web browsers that support SSL have a list of CAs whose certificates they will automatically accept. If a browser encounters a certificate whose authorizing CA is in the list, the browser will automatically accept the certificate, and establish a SSL connection to the site. Can I borrow from this idea, and implement it in Java world? If yes, I don't need to manually import a new certificate into the client each time there is an update to the server certificate, and the client is on production.

Thank you.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points