Home/ Questions/Q 45191
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T15:46:13+00:00

I am trying to call a webservice using ssl. How do i get the

  • 0

I am trying to call a webservice using ssl. How do i get the relevant server cert so that i can import it into my truststore? I know about the use of property com.ibm.ssl.enableSignerExchangePrompt from a main method but i would add the server cert to my truststore manually.

I dont want this property set in any of my servlets

Any help is greatly appreciated Thanks Damien

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. you can programmatically do this with Java by implementing your own X509TrustManager. 

     public class dummyTrustManager implements X509TrustManager {          public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {             //do nothing         }          public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {             // do nothing         }          public X509Certificate[] getAcceptedIssuers() {             //just return an empty issuer             return new X509Certificate[0];         }     }

    Then you can use this trust manager to create a SSL sockect 

     SSLContext context = SSLContext.getInstance('SSL'); context.init(null, new TrustManager[] { new dummyTrustManager() },                             new java.security.SecureRandom());  SSLSocketFactory factory = context.getSocketFactory(); InetAddress addr = InetAddress.getByName(host_); SSLSocket sock =  (SSLSocket)factory.createSocket(addr, port_);

    Then with that socket you can just extract the server certificate (an put import it in the trusted keystore)

     SSLSession session = sock.getSession(); Certificate[] certchain = session.getPeerCertificates();
    • 0