The self-signed certificate in a JKS keystore.jks has validity of only around 4 months, whereas the CA signed certificate will have validity of around 2 years, so when the self-signed certificate expires, will it not create any problem in SSL handshake?
Will SSL handshake work when a JKS keystore have an expired self-signed certificate and a valid CA signed certificate?
104 Views Asked by Suyash Gupta At
1
There are 1 best solutions below
Related Questions in JAVA
- I need the BIRT.war that is compatible with Java 17 and Tomcat 10
- Creating global Class holder
- No method found for class java.lang.String in Kafka
- Issue edit a jtable with a pictures
- getting error when trying to launch kotlin jar file that use supabase "java.lang.NoClassDefFoundError"
- Does the && (logical AND) operator have a higher precedence than || (logical OR) operator in Java?
- Mixed color rendering in a JTable
- HTTPS configuration in Spring Boot, server returning timeout
- How to use Layout to create textfields which dont increase in size?
- Function for making the code wait in javafx
- How to create beans of the same class for multiple template parameters in Spring
- How could you print a specific String from an array with the values of an array from a double array on the same line, using iteration to print all?
- org.telegram.telegrambots.meta.exceptions.TelegramApiException: Bot token and username can't be empty
- Accessing Secret Variables in Classic Pipelines through Java app in Azure DevOps
- Postgres && statement Error in Mybatis Mapper?
Related Questions in SSL
- Django's previous settings prevent connecting to localhost
- SSL error when redirecting from one lightsail subdomain to lightsail subdomain on different account
- HTTP Requests from SSL Secured(HTTPS) Domain Failing
- Reversed TLS re-connection issue
- Nginx configuration file and SSL certificate errors in Docker
- IBM DB2 console doesn't work after SSL certificate update
- mTLS not working with FastAPI and Uvicorn
- WSO2 change localhost - ERR_CERT_AUTHORITY_INVALID
- KeyCloak Handshake causing timeout
- Python SSL Error , Server side - Client certificate verify failing with Intermediate cert - self-signed certificate in certificate chain (_ssl.c:1007)
- Apps migrated from IIS server1 to another IIS server2 stopped communicating with an App on IIS server 1 via SSL (HTTPS)
- Let Artifactory use HTTPS settings
- Even though I added my SSL certificate, I get the "not secure" error
- CST 0001 ERRO [comm.tls] ClientHandshake -> Client TLS handshake failed after 173.725µs with error EOF remoteaddress=127.0.0.1:7051
- ERR_SSL_PROTOCOL_ERROR generated using X509 certificate with Kestrel hosting in .NET 8 on Linux
Related Questions in SSL-CERTIFICATE
- SSL error when redirecting from one lightsail subdomain to lightsail subdomain on different account
- IBM DB2 console doesn't work after SSL certificate update
- requesting AWS Certificate Manager cert for root domain works, but not www subdomain
- Problem with SSL Certificate when the .Net App calls itself in the docker container
- "SSL certificate problem: unable to get local issuer certificate" when trying to access a repository on github
- Python SSL Error , Server side - Client certificate verify failing with Intermediate cert - self-signed certificate in certificate chain (_ssl.c:1007)
- DRF, corsheaders and SSL certificate error on deploy on VPS
- javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid cert
- How to move updates from Google Play to another server
- psql environment variable for sslkey password?
- PHP & LDAPS : cant connect to AD
- "Problem with the SSL CA cert" when running git
- Wildcard SSL certificate with IIS webserver type Can it be used on Linux servers using Apache?
- ktor client/server request falling and getting 500 internal server problem
- SSL Handshake issue on Android 7.0
Related Questions in JKS
- Excel VBA Connect to IBM DB2 via SSL port
- Using keyStore as a repository for keys and certificate
- Cannot export pem certification for jks
- SSL Configuration for java Application
- How to extract all the .crt files and private key from a .jks file?
- Does JKS supports keys created by Post Quantum algorithms like dilithium3?
- Create jks from crt and key and than configure Tomcat
- Will SSL handshake work when a JKS keystore have an expired self-signed certificate and a valid CA signed certificate?
- Can a server accept a client certificate in JKS format and refuse the same certificate in PKCS12
- Failed to load SSL keystore of type JKS for secured kafka topic
- how to pass password during jarsigner via jenkins pipeline
- Issue with Renewing SSL JKS Cert on Tomcat9 for MicroStrategy BI Tool
- Cannot read jks file in site, 403 error, server linux -tomcat & nginx
- How do I store and manage jks files in a way that would be easy to edit them
- Not able to import root.crt in truststore.jks using .net code
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
If the certificate is added to the truststore that the socket uses (creating an array of
TrustManagers and passing that to anSSLContext), then theSSLSocketseems to treat it as valid. Testing this using a dummy certificate that expires 1 second after creation, this seems to be correct; the client connects without exceptions or issues and can send messages.Therefore, if the client in question explicitly trusts the certificate, the client should be able to connect.
However, if another implementation is being used that rejects expired certificates, the client will most likely throw an exception.