SSLServerCertStore not registered
Philippe Marschall
kustos at gmx.net
Mon Apr 7 20:13:42 UTC 2025
Hello
The topic of getting the certificate chain of a server comes up
repeatably, see for example [1]. While not difficult it's still quite a
bit of code to implement. The JDK also has need for this in keystool and
the code is implemented as a CertStoreSpi in
sun.security.provider.certpath.ssl.SSLServerCertStore. Unfortunately the
class is not registered by a security provider like JdkLDAP. Keytool
calls the class directly, even creates as sublclass of CertStore.
Is there any reason SSLServerCertStore is not registered? I would be
willing to work on a patch with some guidance.
[1]
https://stackoverflow.com/questions/19297446/extract-server-certificates
Regards
Philippe
More information about the security-dev
mailing list