rai.skumar

Reputation: 10677

SSL certificate validation using Java client

I am writing a microservice which talks to another service through HTTPS. In the Java client implementation, I am reading the root certificate from the truststore and then validating the incoming certificate against it.

Now, my question is: by default, will only the 2nd-level certificate be validated using the root cert, or will all chained certificates in turn also get validated?

I am using okhttp, and my assumption is that all Java clients should behave in the same way; please let me know if there is any subjectivity here. Thanks.

Upvotes: 1

Views: 800

Answers (1)

pedrofb

Reputation: 39289

If you include the root certificate in the truststore, the entire chain will be validated.

During the handshake, the SSL server sends the client the certification chain from the leaf certificate to the root. The root certificate may be included, but usually it is not.

The default Trust Manager of a Java client will validate the provided certification chain, looking in the truststore until it finds the issuer of the certificate or the certificate itself.

Upvotes: 2
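
An added example (not part of the answer above and not okhttp's own code) that runs the JDK's default trust manager against a truststore and a server chain, so the behaviour the answer describes can be observed directly. The class name `ChainCheck`, the three command-line arguments and the `ECDHE_RSA` auth type are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ChainCheck {
    // Usage: java ChainCheck <truststore> <password> <chain.pem>
    // chain.pem (assumed input) holds the certificates the server sends, leaf first.
    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        // Build the JDK's default trust manager over this truststore only.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager tm = null;
        for (TrustManager t : tmf.getTrustManagers()) {
            if (t instanceof X509TrustManager) { tm = (X509TrustManager) t; break; }
        }
        if (tm == null) throw new IllegalStateException("no X509TrustManager available");
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[2])) {
            Collection<? extends Certificate> certs =
                    CertificateFactory.getInstance("X.509").generateCertificates(in);
            chain = certs.toArray(new X509Certificate[0]);
        }
        report(tm, "full chain", chain);
        // Drop the intermediates: the path to the trusted root can no longer be built.
        report(tm, "leaf only", new X509Certificate[] { chain[0] });
    }

    static void report(X509TrustManager tm, String label, X509Certificate[] chain) {
        try {
            // "ECDHE_RSA" is an assumed key-exchange type for this example.
            tm.checkServerTrusted(chain, "ECDHE_RSA");
            System.out.println(label + ": trusted");
        } catch (CertificateException e) {
            System.out.println(label + ": rejected (" + e.getMessage() + ")");
        }
    }
}
```

With only the root in the truststore and a leaf issued by an intermediate, the full chain is reported as trusted and the leaf-only array is rejected, because every link up to the trusted root has to verify. This two-argument `checkServerTrusted` call does not perform hostname verification, which is a separate step in an HTTPS client.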
