How to add certificates to a keystore in Java is the primary question when you start working on SSL connections, and the simple answer is that Java's keytool utility is used to add or list certificates in a keystore. SSL is the industry standard for secure communication between two parties, e.g. a client and a server. SSL offers two benefits: it encrypts data transferred between client and server, making it hard for someone in between to access and understand it, and it verifies the identity of the two parties in communication, for which certificates are used. SSL setup in Java comes up in various tasks, e.g. setting up SSL on Tomcat, configuring messaging over SSL, or JDBC over SSL, where you need to deal with keystores, certificates, and truststores.
Wednesday, April 9, 2025
Sunday, April 6, 2025
How to Fix javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException in Java? Example
If you are working on a Java web or enterprise application that connects to another web server using HTTPS, you might have seen the "javax.net.ssl.SSLHandshakeException". This is one particular case of that error. If you know how SSL and HTTPS work, you know that an SSL handshake happens when a Java client connects to a Java server. During the handshake, the server returns certificates to confirm its identity, which the client validates against the root certificates it holds in its truststore. If the server returns a certificate that cannot be validated against the certificates a browser or Java client holds in its truststore, the client throws "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
Labels: error and exception, Java Security Tutorial
Friday, September 6, 2024
Dealing with Password in Java Application? 5 Best Practices You Should Follow
While working on core Java applications or enterprise web applications, there is always a need to work with passwords in order to authenticate users. Passwords are very sensitive information, like a Social Security Number (SSN), and if you are working with real human data, as in an online banking portal or online health portal, it's important to follow best practices when dealing with passwords or Social Security Numbers. Here I will list some of the points I have learned and take care of while doing authentication and authorization or working with passwords. I recommend reading more on this topic and keeping a checklist of things based on your application's requirements. Anyway, here are a few points which make sense to me: