Philipp - 7 days ago

Setting the certificate used by a Java SSL ServerSocket

I want to open a secure listening socket in a Java server application. I know that the recommended way to do that is to just do this:

SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
ServerSocket ss = ssf.createServerSocket(443);


But this requires passing the certificate of the server to the JVM when launching Java. Because this would make some things in deployment more complicated for me, I would prefer to load the certificate at runtime.

So I have a key file and a password and I want a server socket. How do I get there? Well, I read the documentation and the only way I could find is this:

import java.io.FileInputStream;
import java.net.ServerSocket;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

// these are my parameters for SSL encryption
char[] keyPassword = "P@ssw0rd!".toCharArray();

// init keystore (the file stream is closed as soon as the keystore is loaded)
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream keyFile = new FileInputStream("ssl.key")) {
    keyStore.load(keyFile, keyPassword);
}
// init KeyManagerFactory
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyPassword);
// init KeyManager
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// init the SSL context: a fresh instance is needed here, because the context
// returned by SSLContext.getDefault() is already initialised and rejects init()
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, null, new SecureRandom());
// get the socket factory
SSLServerSocketFactory socketFactory = sslContext.getServerSocketFactory();

// and finally, get the socket
ServerSocket serverSocket = socketFactory.createServerSocket(443);


And that doesn't even have any error handling. Is it really that complicated? Isn't there an easier way to do it?

EJP
Answer

But this requires passing the certificate of the server to the JVM when launching Java.

No it doesn't. Just set these system properties before you create the SSLServerSocket:

javax.net.ssl.keyStore ssl.key
javax.net.ssl.keyStorePassword P@ssw0rd!

You can do that with System.setProperties() or on the command line.
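A working form of the approach in the answer, as an added example that is not part of the original question or answer: the javax.net.ssl.* properties are set programmatically before the first call to SSLServerSocketFactory.getDefault(), because the JSSE default context is built lazily on first use and reads those properties only at that moment. The file name ssl.key, the password and port 443 are taken from the question; the class and method names and the PKCS12 keystore type are assumptions.

```java
import java.io.IOException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public final class RuntimeKeyStoreServer {

    /**
     * Points the JSSE default context at a keystore and opens a TLS listening socket.
     * Must run before anything in the JVM has called SSLContext.getDefault() or
     * SSLServerSocketFactory.getDefault(): the default context is created on first
     * use and the javax.net.ssl.* properties are consulted only then, so setting
     * them later has no effect.
     */
    public static SSLServerSocket listen(String keyStorePath, String keyStoreType,
                                         char[] password, int port) throws IOException {
        System.setProperty("javax.net.ssl.keyStore", keyStorePath);
        System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);      // assumed: "PKCS12"
        // Note: the password becomes a JVM-wide system property, readable by any code
        // in the process (and visible in heap/thread dumps); the explicit
        // KeyManagerFactory route from the question keeps it out of global state.
        System.setProperty("javax.net.ssl.keyStorePassword", new String(password));

        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(port);

        // The JVM's default enabled-protocol list may include legacy TLS versions;
        // restrict the listener to current ones.
        socket.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        return socket;
    }

    public static void main(String[] args) throws IOException {
        // Values from the question; ssl.key is assumed to be a PKCS12 keystore in the working directory.
        try (SSLServerSocket ss = listen("ssl.key", "PKCS12", "P@ssw0rd!".toCharArray(), 443)) {
            System.out.println("Listening on port " + ss.getLocalPort()
                    + " with protocols " + String.join(",", ss.getEnabledProtocols()));
        }
    }
}
```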