Bug 150175 - Handling a jira site over SSL requires tweaking my runtime cert store (annoying)
Status: RESOLVED DUPLICATE of bug 147888
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: Mylyn
Version: 0.2
Hardware: PC Linux
Importance: P3 normal
Target Milestone: ---
Assignee: Mylyn Inbox CLA
Reported: 2006-07-10 12:39 EDT by Andy Brook CLA
Modified: 2006-07-27 17:07 EDT

Attachments
Provides example of creating a TRUST cert store in a plugin's state folder from a plugin's resource. (4.64 KB, text/plain)
2006-07-10 12:45 EDT, Andy Brook CLA

Description Andy Brook CLA 2006-07-10 12:39:35 EDT
I seem to have to import SSL keys into my Eclipse runtime cacerts file in order for Java to allow an SSL socket connection to an SSL-secured Jira server.  I have this second hand as the recommended way of doing things; I have a better way I'd like to suggest, having had to do this very thing in a plugin project.

This all works by pointing some environment variables to a manufactured keystore kept in the plugin's state path:

    System.getProperties().setProperty("javax.net.ssl.trustStore", af.getAbsolutePath()); // must be a resolvable FILE
    System.getProperties().setProperty("javax.net.ssl.trustStorePassword", "changeit");


First you need to get the cert from the server, then you need to import it into a keystore and use it.  Ignoring how you get the cert in the first place, the attachment shows some cut-and-pasted methods that put the cert into a keystore in the plugin's state location, update an environment variable, and Bob's your uncle, without any JRE cacert tweaks.

I glossed over the question of how to extract the cert; I haven't had to do this for my need and haven't thought about it a great deal.  I guess you could use 'openssl s_client -connect theserver:443' and chop the cert out of the stream, but obv, this is native 'Linux' and not Java.  Maybe someone can figure this out...


Comments?
Comment 1 Andy Brook CLA 2006-07-10 12:45:28 EDT
Created attachment 46019
Provides example of creating a TRUST cert store in a plugin's state folder from a plugin's resource.

The tricky bit is extracting an SSL cert from a web server. IE has a neat way of doing this; shame Firefox doesn't.  I haven't thought how this can be done programmatically.
Comment 2 Eugene Kuleshov CLA 2006-07-10 17:36:48 EDT
Looks like a duplicate of bug 147888. Also note that System.setProperty() generally is a really bad idea when running from a shared/controlled runtime where it can easily interfere with other plugins.
Comment 3 Mik Kersten CLA 2006-07-27 17:07:01 EDT
Andy, while waiting on bug 147888 please consider adding some tips on getting this going to: 

http://wiki.eclipse.org/index.php/Mylar_Contributor_Reference#JIRA

*** This bug has been marked as a duplicate of 147888 ***
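
An added example, not code from the attachment or from Mylyn: one way to trust a single server certificate without the JVM-wide javax.net.ssl.trustStore property that Comment 2 warns about, by giving one connection its own SSLContext. The class name, the "jira-server" alias and the jira.example.invalid host are assumptions, and the sample certificate is borrowed from the JRE's cacerts so the demo runs offline.

```java
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ScopedTrustDemo {
    /** Trust manager backed by an in-memory store holding only the given certificate. */
    static X509TrustManager trustOnly(X509Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                          // empty store, nothing written to disk
        ks.setCertificateEntry("jira-server", cert);  // alias is arbitrary (assumption)
        return firstX509(ks);
    }

    /** Initialises the default TrustManagerFactory; a null store means the JRE's cacerts. */
    static X509TrustManager firstX509(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** Connection that uses the scoped trust manager; no other connection is affected. */
    static HttpsURLConnection open(String url, X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        HttpsURLConnection conn = (HttpsURLConnection) URI.create(url).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // hostname verification stays enabled
        return conn;                                  // not connected yet: no network I/O so far
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: borrow one CA certificate from the JRE's own cacerts so the demo
        // runs offline. In a plugin this would be the Jira server's certificate.
        X509Certificate sample = firstX509(null).getAcceptedIssuers()[0];
        X509TrustManager scoped = trustOnly(sample);
        HttpsURLConnection conn = open("https://jira.example.invalid/", scoped); // placeholder host
        System.out.println("scoped trust anchors: " + scoped.getAcceptedIssuers().length);
        System.out.println("global trustStore property: "
            + System.getProperty("javax.net.ssl.trustStore"));
    }
}
```

Because the trust decision lives in the SSLContext attached to one connection, other plugins in the same runtime keep the default trust store, and the certificate still has to match the host name the connection is opened to.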