Nothing is easy in Java, and nothing is more disproportionately non-easy than downloading something. If you add SSL to the equation, it becomes unfeasible for any human to navigate the twisted passages of the Java API, so here is a tiny fragment of map I have pieced together using the Internets.
If you have a server that you want to download something from, and you need to use SSL (i.e. your URL starts with “https://”), and it has a self-signed certificate, you will need to get hold of a “trust store” file (a .jks file) that tells Java it can trust your server. How to get hold of this file is out of the scope of this blog post, by which I mean I don’t know how you get one.
Assuming you have somehow magicked up a trust store file (let’s call it trust.jks), and you know the password for it (let’s call it yourpassword), we can continue.
Let’s write a little program Get.java that fetches a URL and tells us whether we got an error with the SSL connection:
public class Get
public static void main( String args ) throws Exception
new URL( args ).openConnection().getInputStream();
System.out.println( "Succeeded." );
catch( javax.net.ssl.SSLHandshakeException e )
System.out.println( "SSL exception." );
Compile this with:
And run it with:
$ java Get https://google.com
This should succeed, because Java knows it can trust the benevolent Google deity, as we all do.
Now try it against your server with a self-signed (or otherwise untrusted) certificate and you should see an error:
$ java Get https://selfsigned.example.com
And now for the answer you were waiting for. You don’t need to use keytool. Repeat: you don’t need to use keytool. To run Java telling it to trust your server, just do this:
$ java \