Yeah, you can do that using the CertificateFactory class, which can generate the certificate on the fly from an InputStream. Then you can add the Certificate to the KeyStore using the setCertificateEntry(...) method. Lastly, use the same KeyStore object with TrustManagerFactory to get the TrustManager instances.

For this you just need to have a way to read your CA using an InputStream...

Hope this helps.

Severine wrote:

Thx for your answer.
Yeah, that is what I did, but what I'm looking for is to do it in my Java class. I'm looking for Java code to do that. And I eventually would like to hard code the content of the CA in my code, and import the string into the keystore using Java code.




Ambarish Mitra wrote:

Yes, the JVM has a keystore for all the trusted certificates, the path is
jre/lib/security/cacerts.

This file has all the trusted root CA certs. Please import the CA cert in
here, and it should work.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Severine
Sent: Monday, April 10, 2006 2:55 PM
To: openssl-users@openssl.org
Subject: CA embeded in Java client


Hi all and thanks in advance for your answers.
Here is my problem :

I have a c++ ssl webserver and I want to connect to it using a java client.
I have manually (with keytool) imported my CA and everything works fine
like that.
But when my java client is installed, I'd like that no manual things are
done to be able to connect successfully to my server.

So, is there a way to embed the CA in the Java code? I mean, I'm
looking for the equivalent of the following C++ code in Java.

Here is the C++ code:

******* start of code*****************
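    X509 *cert = NULL;
    X509_STORE *store = NULL;

    /* Trust store that belongs to this SSL context */
    if (!(store = SSL_CTX_get_cert_store (ptrSocket->ctxSSLContext)))
    {
        printf ("Can't make X509 store");
    }
    else
    {
        /* d2i_X509 advances the pointer it is given, so pass a copy */
        const unsigned char *cert_data = &szRootCa_certificate[0];

        /* Parse the DER-encoded root CA compiled into the binary */
        cert = d2i_X509 (NULL, &cert_data, sizeof (szRootCa_certificate));
        if (cert == NULL)
        {
            printf ("Can't parse embedded root CA");
        }
        else
        {
            /* The store keeps its own reference, so ours can be freed */
            X509_STORE_add_cert (store, cert);
            X509_free (cert);
        }
    }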
******* end of code**************


Thanks for your answers
Severine
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
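
The steps named in the reply at the top of this thread (CertificateFactory, KeyStore.setCertificateEntry, TrustManagerFactory), written out as an added Java example that is not part of the original messages. The class name EmbeddedCa, the alias "embedded-root-ca" and the ROOT_CA_PEM placeholder are assumptions; the sample certificate is borrowed from the JVM's own trust store only so the demo runs offline.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class EmbeddedCa {
    // Placeholder (assumption): replace null with the PEM text of your own root CA.
    static final String ROOT_CA_PEM = null;

    // Builds an SSLContext whose only trust anchor is the certificate in pem.
    static SSLContext contextTrustingOnly(String pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate ca = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store: no file, no password
        ks.setCertificateEntry("embedded-root-ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // trust managers see this CA and nothing from cacerts

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        return ctx;
    }

    // Constructed sample input: takes one root from the JVM's default trust store
    // and re-encodes it as PEM text, standing in for the hard-coded CA string.
    static String samplePem() throws Exception {
        TrustManagerFactory def =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        X509Certificate c = ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers()[0];
        return "-----BEGIN CERTIFICATE-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(c.getEncoded())
                + "\n-----END CERTIFICATE-----\n";
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrustingOnly(ROOT_CA_PEM != null ? ROOT_CA_PEM : samplePem());
        // ctx.getSocketFactory() creates sockets that accept only chains ending at this CA.
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Because the KeyStore starts empty, sockets from this context reject servers whose chain ends at any other CA, including the public roots in cacerts.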
