I'm writing a Java desktop application that will be available to the public. It will contact backend APIs via HTTPS using Jersey client.
I don't know anything about using certificates in desktop apps but from what I've found out so far I'll need to create an SSLContext that reads a public certificate from a KeyStore that is protected by a password.
I'm assuming I can distribute the contents of the KeyStore by packaging it in the Jar of my app. But I don't see how I can securely make the key store password available to the app. I don't want the users to have to enter it manually.
- Just a bit of feedback: we can infer you are using Java, but it's better to explicitly state the language you are using. – GrandmasterB, Dec 30, 2014 at 22:51
- Good suggestion @GrandmasterB. I've updated the question. – KevinS, Dec 31, 2014 at 22:35
1 Answer
You can generally read public keys without the password. The default cacerts file comes with the password changeit but can be read without the password.
If you use a commercial certificate, Java may be able to connect without needing significant setup.
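The point made in the answer above, as an added example that is not part of the original answer: it loads the JRE's own cacerts file with a null password, counts the certificate entries that remain readable, and builds an SSLContext from them. The class and method names are hypothetical, and KeyStore.getInstance(File, char[]) assumes Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; illustration only.
public class PasswordlessTrustStore {

    // A null password skips only the keystore integrity check.
    // Certificate (public) entries are still readable.
    static KeyStore loadWithoutPassword(File file) throws Exception {
        // Java 9+: detects the store type (JKS or PKCS12) from the file.
        return KeyStore.getInstance(file, (char[]) null);
    }

    // Build an SSLContext that trusts exactly the certificates in the store.
    static SSLContext contextTrusting(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No KeyManagers: the client presents no certificate of its own,
        // so there is no private key that would need a password.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // The JRE's default trust store, as mentioned in the answer.
        File cacerts = new File(System.getProperty("java.home"),
                "lib/security/cacerts");
        KeyStore ks = loadWithoutPassword(cacerts);

        int certs = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                certs++;
            }
        }
        System.out.println("Certificate entries readable without password: " + certs);

        SSLContext ctx = contextTrusting(ks);
        System.out.println("SSLContext ready, protocol: " + ctx.getProtocol());
    }
}
```

The resulting context can be passed to a JAX-RS client with ClientBuilder.newBuilder().sslContext(ctx). Because the integrity check is skipped, a modified keystore file is not detected at load time; a password shipped inside the same Jar would not prevent that either.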