Sometimes a service is only available over HTTPS, or you are unable to change third-party code to ignore certificate verification.
How do you import a certificate into a JVM? Here are the steps.
Step1. Fetch the certificate
openssl s_client -connect youtube.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > youtube.crt
Step2. Import the certificate
keytool -import -alias youtube.com -keystore /Users/chliu/.sdkman/candidates/java/current/jre/lib/security/cacerts -file youtube.crt
Enter keystore password:<changeit>
Owner: CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US
Serial number: 3b6e50a1d2080062
Valid from: Tue Jan 29 22:58:00 CST 2019 until: Tue Apr 23 22:58:00 CST 2019
Certificate fingerprints:
MD5: 19:0D:FC:58:69:85:29:59:C4:42:71:05:21:EA:B4:2E
SHA1: E4:A8:7B:F5:3E:9A:17:4A:E2:9F:26:8F:81:23:78:E3:15:08:85:99
SHA256: F7:EE:A9:17:44:FD:5D:E8:09:73:4D:97:85:E4:7E:AE:FA:73:6D:6F:31:36:55:0B:07:1B:15:68:D8:81:A3:C8
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Step3. Check certificate in keystore
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts | grep youtube
Step4. Specify the trust store and password
-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.debug=all
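Steps 1 to 3 trust whatever certificate the server presents at fetch time. The sketch below, an added example that is not part of the original post, refuses the import unless the fetched certificate's SHA-256 fingerprint equals one obtained from a trusted channel. The function names, the STOREPASS variable and the idea of importing into a private copy of cacerts are assumptions of this example.

```sh
#!/bin/sh
# Added example: pin-checked import. Prepare a private trust store first, e.g.
#   cp "$JAVA_HOME/jre/lib/security/cacerts" ./app-truststore.jks   (path is an assumption)
# and point -Djavax.net.ssl.trustStore at that copy.

# Reduce "sha256 Fingerprint=AA:BB:..." or "aa:bb:..." to bare upper-case hex.
normalize_fp() {
  printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if the first value is a well-formed SHA-256 fingerprint
# (64 hex digits) and equals the second after normalization.
fp_equal() {
  a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
  case "$a" in ''|*[!0-9A-F]*) return 1 ;; esac
  [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint line of a PEM certificate file.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# usage: import_pinned HOST EXPECTED_SHA256_FINGERPRINT TRUSTSTORE
import_pinned() {
  host=$1; expected=$2; store=$3
  crt=$(mktemp) || return 1
  openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null |
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$crt"
  if ! fp_equal "$(cert_fp "$crt")" "$expected"; then
    echo "fingerprint mismatch for $host; not importing" >&2
    rm -f "$crt"
    return 1
  fi
  keytool -importcert -noprompt -alias "$host" -keystore "$store" \
    -storepass "${STOREPASS:-changeit}" -file "$crt"
  rc=$?
  rm -f "$crt"
  return $rc
}
```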
If the connection fails because the hostname does not match the certificate, the steps below can help confirm the issue.
- Check the server's FQDN and make sure it matches the name configured in the certificate.
- A wildcard certificate does not cover a subdomain nested below the wildcard level; that subdomain needs its own certificate. See: How to Fix SSL Common Name Mismatch Error
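To check which hostnames a certificate covers, the matching rule can be applied by hand. The following is an added example, not code from the original post: it implements the single-label wildcard rule from RFC 6125 over a list of SAN entries. The function names and the sample names in the comments are constructed for illustration.

```sh
#!/bin/sh
# Added example: does a certificate's SAN list cover a hostname?

# Lower-case a DNS name and drop one trailing dot.
norm_host() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# san_matches PATTERN HOST
# A leading "*." stands for exactly one non-empty label, so
# "*.example.test" covers "www.example.test" but neither
# "a.b.example.test" nor the bare "example.test".
san_matches() {
  pat=$(norm_host "$1"); host=$(norm_host "$2")
  case "$pat" in
    '*.'*)
      suffix=${pat#\*}                  # e.g. ".example.test"
      case "$host" in
        *"$suffix") first=${host%"$suffix"} ;;
        *) return 1 ;;
      esac
      # The part replaced by "*" must be one label: non-empty, no dots.
      case "$first" in ''|*.*) return 1 ;; esac
      return 0 ;;
    *) [ "$pat" = "$host" ] ;;
  esac
}

# cert_covers HOST SAN...  -> 0 if any SAN entry matches HOST
cert_covers() {
  target=$1; shift
  for san in "$@"; do
    if san_matches "$san" "$target"; then return 0; fi
  done
  return 1
}

# Constructed usage:
#   cert_covers a.b.youtube.com '*.youtube.com' 'youtube.com' || echo "not covered"
```

The SAN entries to pass in can be read from the `SubjectAlternativeName` section of `keytool -list -v` output.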