Get certificate and add it to a Java truststore, when only having https URL?
I'm trying to send push notifications to Android devices through the Google Cloud Message servers.
The URL we use to do that is:
https://android.googleapis.com/gcm/send
In our entreprise applications, we do not use the default CA authorities and we add manually each entity we trust for security reason, in a truststore file loaded by SSLContext properties. I'd like to add GCM certificate to our truststore.
I don't know how to get the certificate from that URL. It seems the Chrome/Firefox export way is not working since the page redirects to another non-SSL page.
Someone has a solution?
Answer
I've been able to save the certificates through the following Java code:
public void testConnectionTo(String aURL) throws Exception {
URL destinationURL = new URL(aURL);
HttpsURLConnection conn = (HttpsURLConnection) destinationURL.openConnection();
conn.connect();
Certificate[] certs = conn.getServerCertificates();
System.out.println("nb = " + certs.length);
int i = 1;
for (Certificate cert : certs) {
System.out.println("");
System.out.println("");
System.out.println("");
System.out.println("################################################################");
System.out.println("");
System.out.println("");
System.out.println("");
System.out.println("Certificate is: " + cert);
if(cert instanceof X509Certificate) {
try {
( (X509Certificate) cert).checkValidity();
System.out.println("Certificate is active for current date");
FileOutputStream os = new FileOutputStream("/home/sebastien/Bureau/myCert"+i);
i++;
os.write(cert.getEncoded());
} catch(CertificateExpiredException cee) {
System.out.println("Certificate is expired");
}
} else {
System.err.println("Unknown certificate type: " + cert);
}
}
}
And import them to the truststore:
keytool -import -alias GoogleInternetAuthority -file myCert1 -keystore truststore