(Not yet)Commons SSL

If you ever tried to work with SSL Socket connections in Java, you probably know that Java, by default, supports its own JKS and PKCS12 certificate formats. For those who need to work with OpenSSL it is usually suggested to convert keys and certificates to PKCS12 and then import them in the keystore using the keytool command provided with the JDK.

While all this is not a big deal for most of the applications, there should be a better solution for projects that rely heavily on SSL. Not-yet-commons-ssl project, called liked this because it is still in the Apache incubation process, aims to simplify Java and SSL integration.

First of all, it supports OpenSSL and PKCS8 formats and provides handy classes for dealing with keys and certificates in that format (see PKCS8 examples.

Also, it provides mechanism for easy creation of SSL Sockets regardless of certificate format you are using (see examples). This mechanism also allows us to configure multiple ssl socket factories inside a single JVM.

Commons SSL is a really important toolkit for all that have above modest SSL requirements. The proper support from Apache and a better documentation could help this project become even more useful.

1 comment

  1. This blog post sure caused downloads to spike! Bandwidth tripled for a few weeks. That was exciting. I’m glad you found the library useful, Dejan. Thanks for the plug!

    I’ve been too busy lately to make much ground on the incubation proposal. I hope to get back into it soon.

    By the way, just released not-yet-commons-ssl-0.3.8. Changelog is here:


Leave a comment

Your email address will not be published. Required fields are marked *