It doesn't make sense to define the keystore and the truststore as being the same file. The keystore contains the server's private key and is unique to the server. The truststore contains certificates whose signatures the server should trust if provided by clients. It serves a completely different purpose. It is usually sufficient to let the truststore default to the one distributed with the JDK.
"The last code I created displayed an error saying NoSuchAlgorithmException"
Please post the full exception message and stack trace with an indication of which line of your code it is thrown at.
You haven't needed this line of code for about eight years.
//register an https protocol handler to service the network
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
This is the complete exception error message
java.security.NoSuchAlgorithmException: server.jks TrustManagerFactory not available
BUILD SUCCESSFUL (total time: 1 second)
TrustManagerFactory trust = (TrustManagerFactory)TrustManagerFactory.getInstance("server.jks"); ---------------------Line 44
Please EJP, I am a little bit confused about the truststore file. Is it supposed to be the .cer file? According to the tutorial guide that I used in creating my SSL certificate:
server.jks ------------ is the keystore (private key)
server.cer ------------- is the certificate (public key) which I created by exporting the server.jks file
server.jks --------------- is the truststore that should be kept in the client side of the application.
I have tried changing the truststore file to be server.cer
but it still throws the same exception.
I am kind of new to the SSL stuff so I am still learning the fundamentals. Please could you shed more light on creating the keystore, truststore and calling it in your application for the authentication and encryption process.
Thanks for your perusal and time, I really appreciate it.
The server doesn't need a truststore.
The client only needs a custom truststore if the server certificate is self-signed, and the proper solution to that is to get the server certificate signed by a CA.
Your code says servers.jks but the exception says server.jks, so somewhere you are confused about what this filename really is.
The truststore is a JKS file created by the keytool utility. You import .crt files into it.
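The client-side truststore setup described in this reply, as an added example that is not part of the thread or any poster's code. The class name `TrustStoreDemo` and the file name `clienttrust.jks` are assumptions; the first call in `main` reproduces the exception quoted above, which comes from passing a file name where an algorithm name is expected.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreDemo {
    // Truststore built beforehand with keytool (clienttrust.jks is an assumed name):
    //   keytool -importcert -alias server -file server.cer -keystore clienttrust.jks

    // Load a store file; a null path gives an empty in-memory store so the
    // demo also runs with no file on disk.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (path == null) {
            ks.load(null, null);
            return ks;
        }
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Client side: trust only the certificates held in the given store.
    static SSLContext clientContext(KeyStore trustStore) throws Exception {
        // getInstance() takes an algorithm name such as "PKIX", never a file name.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // the file's contents are supplied here
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        try { // same call shape as line 44 of the posted code
            TrustManagerFactory.getInstance("server.jks");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("File name used as algorithm: " + e.getMessage());
        }
        // Usage: java TrustStoreDemo clienttrust.jks <store password>
        String path = args.length > 0 ? args[0] : null;
        char[] pw = args.length > 1 ? args[1].toCharArray() : null;
        SSLContext ctx = clientContext(load(path, pw));
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Run with no arguments, the context is built from an empty store and therefore trusts no server certificate; pass the truststore path and password to trust the imported certificate.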
Thanks for your solution. I would go back to the code.
"The client only needs a custom truststore if the server certificate is self-signed"
How can I create a custom truststore?
"the proper solution to that is to get the server certificate signed by a CA."
Can't I use a self-signed certificate for a real-world application without signing it by a CA?