Path: csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!zen.net.uk!dedekind.zen.co.uk!eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail From: Daniele Futtorovic Newsgroups: comp.lang.java.programmer Subject: Re: validation certificate agains cacert Date: Fri, 16 Sep 2011 15:57:03 +0200 Organization: A noiseless patient Spider Lines: 26 Message-ID: References: <47a06322-6497-421f-9572-705ae5bcb367@d2g2000vbk.googlegroups.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Injection-Date: Fri, 16 Sep 2011 14:01:49 +0000 (UTC) Injection-Info: mx04.eternal-september.org; posting-host="WrQ6TY7cZS4XmFmZxCpJlw"; logging-data="14481"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+Y8O3YLtNEWtRnQeJDCFwh" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.22) Gecko/20110902 Thunderbird/3.1.14 In-Reply-To: <47a06322-6497-421f-9572-705ae5bcb367@d2g2000vbk.googlegroups.com> Cancel-Lock: sha1:LCF6uMye0iGWZxo8EXRBpNXbtCQ= Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:8077 On 16/09/2011 08:50, Stone allegedly wrote: > Dear programmers, > > I would like to ask you if there is any way how to compare certificate > against cacerts file. > I have already loaded certificate in keystore like: > > Funny you should want to validate against the cacerts file in an X509TrustManager, for, if I'm not mistaken, that is precisely what the default TrustManager does. You might want to look for its source code online (for instance here: ). Anyway, the task isn't complicated, although the code is somewhat convoluted. You'll have to establish a chain (of certificates) from the certificate you're trying to validate to one of the root certificates in the trust store. A quick search turned up this guide: -- DF. Determinism trumps correctness.