Best practice for handling third party SSL certificate in Java

I am working on an application that calls a third-party web service via HTTPS. Therefore, I need to add this certificate to the trust store of my application. I can see 3 solutions to solve my problem:

  • add this certificate to $JAVA_HOME/jre/lib/security/cacerts
  • create my own trust store and start my JVM with -Djavax.net.ssl.trustStore= ...
  • programmatically load this trust store upon application launch

Which solution do you recommend, and which would you advise me against using?

+7
java ssl-certificate
1 answer

I would prefer the second, because:

For the first: when you change your version of Java, you need to do extra work (you must add these SSL certificates to cacerts again).

For the third: when you need to add another SSL certificate, you must change your code.

So the second is the best choice, because you will not need to change your code when a new SSL certificate appears (you just add it to the external trustStore), and you will not need to do anything for these certificates when upgrading the Java version.

+3