0

My Java application connects to a server via https. The server has a self-signed certificate, but Java is refusing the connection because it can't verify the validity of the certificate. I know I can force it to ignore the certificate completely, but then there's not much value in using https and certificates at all. I'm wondering if it's possible to bundle the server's self-signed certificate with the application, so that it recognizes the certificate from the server only if it matches.

I have found an answer here: telling java to accept self-signed ssl certificate, but this would require the user to run the command themselves. If possible I would like to be able to have the certificate bundled in the JAR, without the user needing to do anything for it to work.

Getting a proper certificate is not an option at this point.

Community
  • 1
  • 1
WiduX
  • 13
  • 4
  • The real way to solve is is to fix the server. Whoever is running is isn't doing so correctly and is impeding the distribution of your application. – user207421 Jul 25 '13 at 01:07
  • It's actually me running the server, and since the application will only be used internally by about 100-250 people, it's just not worth getting a proper certificate for. – WiduX Jul 25 '13 at 02:28
  • On the contrary. Spring the money and get a signed certificate. You've already wasted more money on this than the certificate will cost, and you don't even have a solution yet. – user207421 Jul 25 '13 at 11:48
  • Re your edit, *why* is getting a proper certificate 'not an option at this point'? It is now two weeks later and you have wasted more time than the cost of a signed certificate can possibly justify. You would have had it working on 26 July instead of not working on 5 August. – user207421 Aug 06 '13 at 03:27
  • The application I'm working for doesn't cost or earn anyone any money. It is a hobby project for a school, and time spent on it is not a waste of money for anyone. A proper certificate goes for $100 or more, and the application is using and generating $0. I'm currently not willing to spend $100+ for a certificate for a free project. – WiduX Aug 06 '13 at 03:38
  • To add to the previous comment, most certificate authorities will require you to be a legally registered company. I'm just 1 person working on this project for fun. – WiduX Aug 06 '13 at 03:48

0 Answers0