# Trusting a self-signed certificate



## notfed (Jul 27, 2011)

Hi,

I'm using OpenJDK6 (installed via java/openjdk6) and trying to create a web service client with Java Axis2/Rampart.  The server is using a self-signed SSL certificate, and my client is rejecting it as untrusted.  

This is just a test project, so I'd like to add the self-signed certificate to my list of trusted certificates.  How do I do this?  I thought I'd just have to add the certificate to /usr/local/openjdk6/jre/lib/security/cacerts but I don't know the default KeyStore password!

Thanks,
Jay


----------



## olav (Jul 29, 2011)

You need to let the TrustManager in Java accept self signed certificates. I have a code example that does that.


```
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

public class UnsignedCertificate {
	public static void activate(){
		// Create a trust manager that does not validate certificate chains
		TrustManager[] trustAllCerts = new TrustManager[]{
		    new X509TrustManager() {
		        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
		            return null;
		        }
		        public void checkClientTrusted(
		            java.security.cert.X509Certificate[] certs, String authType) {
		        }
		        public void checkServerTrusted(
		            java.security.cert.X509Certificate[] certs, String authType) {
		        }
		    }
		};
		HttpsURLConnection.setDefaultHostnameVerifier( new HostnameVerifier(){
			public boolean verify(String string,SSLSession ssls) {
				return true;
			}
		});
		// Install the all-trusting trust manager
		try {
			SSLContext sc = SSLContext.getInstance("SSL");
			sc.init(null, trustAllCerts, new java.security.SecureRandom());
		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
		} catch (Exception e) {
		}
	}
}
```


----------

