Best practice to handle third party SSL certificate in Java

I'm working on an application that calls a third-party webservice over https. So I need to add this certificate to the truststore of my application. I can see 3 solutions to fix my problem:

  • add this certificate to $JAVA_HOME/jre/lib/security/cacerts
  • create a custom truststore and launch my JVM with -Djavax.net.ssl.trustStore= ...
  • programmatically load this truststore when starting my application

Which solution do you recommend/discourage me to use?


    I'd prefer the second one, because:

    For the first one, when you change your Java version you need to do extra work (you must add these SSL certs to cacerts again).

    For the third one, when you need to add another SSL cert, you must change your code.

    So the second is the best choice, because you will not need to change your code when a new SSL cert comes (you will just add it to the external trustStore) and you will do nothing for these certs when you upgrade your Java version.
