(Not yet)Commons SSL

by Dejan Bosanac

If you ever tried to work with SSL Socket connections in Java, you probably know that Java, by default, supports its own JKS and PKCS12 certificate formats. For those who need to work with OpenSSL it is usually suggested to convert keys and certificates to PKCS12 and then import them in the keystore using the keytool command provided with the JDK.

While all this is not a big deal for most of the applications, there should be a better solution for projects that rely heavily on SSL. Not-yet-commons-ssl project, called liked this because it is still not the official Apache project, aims to simplify Java and SSL integration.

First of all, it supports OpenSSL and PKCS8 formats and provides handy classes for dealing with keys and certificates in that format (see PKCS8 examples).

Also, it provides mechanism for easy creation of SSL Sockets regardless of certificate format you are using (see examples). This mechanism also allows us to configure multiple ssl socket factories inside a single JVM.

Commons SSL is a really important toolkit for all that have above modest SSL requirements. The proper support from Apache and a better documentation could help this project become even more useful.

4 Comments

Trustin Lee
2007-05-30 23:12:55
IIRC, it didn't enter the incubation process yet. Am I missing something?
Dejan Bosanac
2007-05-31 00:59:42
My mistake, I meant "it didn't passed the incubation process yet". Fixed now. Thanks.
Julius Davies
2007-07-05 13:51:00
This blog post sure caused downloads to spike! Bandwidth tripled for a few weeks. That was exciting. I'm glad you found the library useful, Dejan. Thanks for the plug!


I've been too busy lately to make much ground on the incubation proposal. I hope to get back into it soon.


By the way, just released not-yet-commons-ssl-0.3.8. Changelog is here:


http://juliusdavies.ca/commons-ssl/download.html

Dejan Bosanac
2007-07-06 01:32:56
I'm glad that I helped to spread the word about the library. Thanks and keep up the good work.