Note:

(Windows and Solaris use different pathname separators, so please use the appropriate one ("\", "/") for your environment.)

<java-home> refers to the directory where the Java 2 Runtime Environment (JRE) was installed. The Java 2 SDK (aka JDK) contains the JRE, but at a different level in the file hierarchy. For example, if the Java 2 SDK or JRE was installed in /home/user1, <java-home> would be:

		
/home/user1/jre1.2.x	                [JRE] 
/home/user1/jdk1.2.x/jre		[SDK]

You can save the downloaded file anywhere on your local disk.

Note that JSSE 1.0.2 requires that you have Java^TM2 SDK v 1.2.1 or greater or Java^TM2 Runtime Environment v 1.2.1 or greater already installed.

This will create a directory named jsse1.0.2, with two subdirectories named doc and lib.

The JSSE lib subdirectory contains the extension files jsse.jar, jcert.jar, and jnet.jar. You can either install these files in the JDK/JRE ("installed extension") or bundle them with your applet or application ("bundled extension"). If you wish to install them as an installed extension, place them in the following directory:

<java-home>/lib/ext

JSSE 1.0.2 comes standard with a Cryptographic Service Provider, or "provider" for short, named "SunJSSE". Although the "SunJSSE" provider is supplied with every JSSE 1.0.2 installation, it still needs to be configured explicitly, either statically or dynamically, before its services can be accessed.

4a. Static registration of SunJSSE provider

Add the "SunJSSE" provider to your list of approved providers. This is done statically by editing the security properties file:

<java-home>\lib\security\java.security [Win32]
<java-home>/lib/security/java.security [Solaris]

One of the types of properties contained in the java.security file is of the following form:

security.provider.n=providerClassName

This declares a provider, and specifies its preference order "n". The preference order is the order in which providers are searched for requested algorithms (when no specific provider is requested). The order is 1-based; 1 is the most preferred, followed by 2, and so on.

Add the above line to java.security, replacing providerClassName with com.sun.net.ssl.internal.ssl.Provider, and substituting n with the priority that you would like to assign to the "SunJSSE" provider. For example, to add the Sun internal SSL provider to the standard provider shipped with the JRE, your entries would look like:

security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider

"SunJSSE" would now be the second preferred provider

4b. Dynamic registration of SunJSSE provider

Instead of registering the provider statically, you can add the provider dynamically at runtime by adding the following lines of code at the beginning of your program:

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

Dynamically adding a provider requires that the application have the appropriate permission.

When creating a TrustManager, Sun's JSSE implementation will first check for an alternate cacert file before falling back on the standard cacerts file, so that you can provide a JSSE-specific set of trusted root certificates separate from ones that might be present in cacerts for code signing purposes.

The search order for the locating the trust store is:

1) <java-home>/lib/security/jssecacerts, then
2) <java-home>/lib/security/cacerts

In this JSSE implementation, the default keystore locations can be overriden by specifying the appropriate system properties:

javax.net.ssl.keyStore

specifies the location of where to find key material for the default KeyManager. There is no default location.

javax.net.ssl.keyStoreType

specifies the KeyStore file type for key material for the default KeyManager. The default is the default keystore type. (e.g. KeyStore.getDefaultType())

javax.net.ssl.keyStorePassword

specifies the password to be used with this KeyStore.

javax.net.ssl.trustStore

specifies the location of where to find key material for the default TrustManager. If specified, this overrides jssecacerts and cacerts.

javax.net.ssl.trustStoreType

specifies the KeyStore file type for key material for the default TrustManager. The default is the default KeyStore type. (e.g. KeyStore.getDefaultType())

javax.net.ssl.trustStorePassword

specifies the password to be used with this KeyStore.

The JSSE reference implementation contains a URL handler for the "https" URL protocol type. In order to use this handler, you must add the handler's implementation package name to the list of packages which are searched by the Java URL class. This is configured via the "java.protocol.handler.pkgs" system property. See the java.net.URL class documentation for details. System properties can be set via the command line or at runtime through the java.lang.System class.

For example, you can set this property on the command line via:

java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol

For example, to set this property on the command line to access HTTPS servers through the proxy host "webproxy" running at port 8080 you would use:

java -Dhttps.proxyHost=webproxy -Dhttps.proxyPort=8080

By setting the System property "javax.net.debug", this JSSE implementation can provide very useful and detailed debug information for the various phases of SSL/TLS handshaking.

For a list of the current options, please run:

java -Djavax.net.debug=help MyApp

MyApp will exit after printing the debug help information.

example:

java -Djavax.net.debug=ssl,handshake,data,trustmanager MyApp