Introduction

If the web service uses an HTTPS connection, then this will communicate using SSL. SSL, or Secure Socket Layer, is a technology which allows the web service client and remote web service server to communicate over a secured connection. The data is encrypted before being transmitted and decrypted when the data is received before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data. A certificate is required for SSL communication.

Certificates

A public key certificate (known just as a certificate) is a digitally-signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key. One of the main benefits of certificates is that passwords are not needed for individual clients who need to be authenticated as a prerequisite to access. Instead, the host merely establishes trust in a certificate issuer.

Most certificates used are based on the X.509v3 certificate standard.

Certificates contain the following information:

The subject's public key value.
The subject's identifier information, such as the name and e-mail address.
The validity period (the length of time that the certificate is considered valid).
Issuer identifier information.
The digital signature of the issuer. A certificate is valid only for the period of time specified within it; every certificate contains valid from and valid to date, which set the boundaries of the validity period.

Certificate Authority (CA)

A Certificate Authority (CA) is an organization that issues certificates to other organizations that wish to prove their identity. The CA asks the certificate requester to provide information about itself and the CA gives back a certificate in return. The returned certificate is chained to the root certificate, establishing a chain of trust. In this way someone dealing with a company identifying itself through a certificate issued by a certain CA doesn't have to trust every company, but it is sufficient to trust the root CA.

Java (J2SE) recognises the common root certificates Verisign, Twarte etc...; these are stored in the JRE's lib/security/cacerts truststore. But sometimes the certificate is not recognised and the certificate must be imported into the Java truststore.

Importing Certificates

If the web service provider is using a self-signed certificate or one signed by an in-house CA, it must be imported and saved in the truststore of the client Java system. A truststore is a file that contains all the trusted certificates available for HTTPS communication between Verj.io and the remote web service server. Certificates can be imported into the truststore using java’s keytool utility. The keytool is part of the standard Java Development Kit (JDK) shipment and can be found in the $JDK_HOME/bin directory. If the certificate has not been imported, a call to the web service may throw an exception such as: "ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

If the certificate has been signed by one of the recognised CAs, the certificate does not normally need to be imported.

Follow the instructions below to import a certificate. This example uses Internet Explorer 9 to obtain the certificate, but other browsers or equivalent tools can also be used.

If you already have the Certificate .cer file then proceed to step 9.