How to automatically install self signed certificate in IE Trusted Root Certification Authorities store

Solution 1

Java 6 provides a cryptographic provider named SunMSCAPI to access the Windows cryptography libraries API. This provider implements a keystore "Windows-Root" containing all Trust Anchors certificates.

It is possible to insert a certificate in this keystore.

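import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Open the Windows trusted root store exposed by the SunMSCAPI provider
KeyStore root = KeyStore.getInstance("Windows-ROOT");
root.load(null);
/* certificate must be DER-encoded */
FileInputStream in = new FileInputStream("C:/path/to/root/cert/root.der");
X509Certificate cacert = (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(in);
in.close();
root.setCertificateEntry("CACert Root CA", cacert);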

The user will be prompted for confirmation. If the operation is canceled by the user then a KeyStoreException is thrown.

Some technotes about the provider can be found here: http://download.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunMSCAPI
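
An added example (not part of the original answer) showing the same insert with two safeguards: the DER file is only trusted if its SHA-256 fingerprint matches a value obtained out of band, and the insert is skipped when the certificate is already in the store. The class name, the `EXPECTED_SHA256` placeholder and passing the file path as the first argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class PinnedRootInstall {
    // Placeholder (assumption): SHA-256 of the DER certificate, obtained out of band.
    static final String EXPECTED_SHA256 = "<EXPECTED-SHA256-HEX>";

    static String sha256Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cacert;
        InputStream in = new FileInputStream(args[0]); // path to the DER file
        try {
            cacert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            in.close();
        }

        // Refuse anything other than the exact certificate we expect to trust.
        String actual = sha256Hex(cacert.getEncoded());
        if (!actual.equalsIgnoreCase(EXPECTED_SHA256)) {
            throw new SecurityException("Fingerprint mismatch: " + actual);
        }
        cacert.checkValidity(); // throws if expired or not yet valid

        KeyStore root = KeyStore.getInstance("Windows-ROOT");
        root.load(null, null);

        // Skip the insert (and the Windows prompt) if it is already trusted.
        String existing = root.getCertificateAlias(cacert);
        if (existing != null) {
            System.out.println("Already in Windows-ROOT as: " + existing);
            return;
        }
        root.setCertificateEntry("CACert Root CA", cacert);
        System.out.println("Installed " + cacert.getSubjectX500Principal().getName());
    }
}
```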

Solution 2

Think about it. If this were possible, what would stop any fraudulent site from doing the same thing and making it look like their site was trusted? The whole point is that the user HAS to OK the certificate installation.

Solution 3

First of all, the possibility to do this would compromise the user's security, so it would be a security hole, so no, there's no easy way to do this.

Next, different software has different certificate stores. Microsoft and Chrome browser use CryptoAPI stores, Firefox has its own store (Chrome can also use Firefox's one AFAIK). Adobe's software has its own store (in addition to CryptoAPI one).

Author by

Marquinio

Updated on June 05, 2022

Comments

  • Marquinio almost 2 years

    I created a self signed certificate but the browser tells me "This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store".

    I did by going into IE --> Internet Options --> Content --> Certificates --> etc... I actually had to export the self signed certificate and then import it into the Trusted Root Certification. Only after the certificate was located under the ROOT store in the user's machine that IE did not display any WARNINGS.

    This will be deployed in a production environment, so having the users manually do the above steps is unacceptable.

    How can I automatically do this? I just want them to accept and not have that "Certificate Error" and have the URL bar turned "RED" in IE.

    I'm using Tomcat 5.5. I also followed the same steps as in the Tomcat SSL How To Tutorial http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

    Thanks in advance.

  • Marquinio about 13 years
    That's exactly what I want. The user will have to hit OK. But this did not place the certificate in the Trusted Root Certification Authorities store. Instead I had to export/import the certificate. Is there a one click OK button that can perform all those steps for the user?
  • Narayan Raman over 12 years
    Note: This does not work in Java 64 bit versions less than JDK7 due to a bug in Java. Details: forums.oracle.com/forums/thread.jspa?threadID=1526024