The examples provided in the subpages below show how to implement a client for one way SSL and two way SSL. The examples set, from within the code, the Java system properties that select which truststore and keystore to use. By omitting these properties the JVM will use the default truststore and keystore (see Java SSL Basics page). These parameters can also be passed to the JVM as command line arguments if you do not wish to have the properties set from within the code and you do not wish to use the default truststore / keystore.
The examples show how the truststore property is explicitly set within the code:
The certificates in this truststore file are those of each certificate authority trusted by the client. When the socket is connecting to a server, if the server presents a certificate issued by a certificate authority that is not trusted (its certificate is not contained in the truststore), then the client will cancel the connection establishment and the connection will fail.
Older versions of Java may need the HTTPS protocol handler property to be added in order for the SSL connection to be successful. Only later versions of java.net.URL support https; previously a java.net.MalformedURLException was thrown with the message "unknown protocol: https".
For the most basic example of a client establishing a connection to a server using the default Java keystore and truststore, please see http://www.exampledepot.com/egs/javax.net.ssl/Client.html. However, if your application needs to manage its truststore at an application level, please see the example below. This example defines the necessary properties to specify the use of a specific truststore. These examples also assume that the application will use the default Java SSL implementation and JCE.
This example again has the application specifying its own truststore, and also its own keystore. The keystore here is in PKCS12 format (as issued by my CA).
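An added example, not code from the original page: a two way SSL client that sets the truststore and keystore properties described above from within the code and reports a failed handshake. The class name, the command line arguments and the TRUSTSTORE_PASS / KEYSTORE_PASS environment variables are assumptions made for this illustration.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TwoWaySslClient {
    // Must run before the JVM's default SSLContext is first used: the
    // default context reads these properties once and caches the result.
    static void configureStores(String trustStore, String keyStore) {
        // Certificate authorities the client trusts (path supplied by the caller).
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", requireEnv("TRUSTSTORE_PASS"));
        // Client certificate and private key for two way SSL, in PKCS12 format.
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
        System.setProperty("javax.net.ssl.keyStorePassword", requireEnv("KEYSTORE_PASS"));
    }

    // Passwords come from the environment (assumed names) rather than source code.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null) throw new IllegalStateException("environment variable " + name + " is not set");
        return value;
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 4) {
            System.err.println("usage: TwoWaySslClient <host> <port> <truststore> <keystore.p12>");
            return;
        }
        configureStores(args[2], args[3]);
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]))) {
            // A raw SSLSocket does not check the host name against the certificate unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            X509Certificate leaf = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("Server subject: " + leaf.getSubjectX500Principal());
            System.out.println("Issuer:         " + leaf.getIssuerX500Principal());
        } catch (SSLHandshakeException e) {
            // Typical cause: the server's issuing CA is not contained in the truststore.
            System.err.println("Handshake failed: " + e.getMessage());
        }
    }
}
```

For one way SSL, leave out the three keystore properties; the truststore properties alone are enough for the client to validate the server.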
E.g. Bob is allowed access to payment functionality but Peter isn't, so we need to check the cert and see who is making the request.
This code snippet shows how a servlet retrieves the certificate information.
Click here to see example SSL Debug output for a one way SSL connection with https://mail.google.com.