How do I initialize a TrustManagerFactory with multiple sources of trust?

伪装坚强ぢ 2020-12-25 15:42

My application has a personal keystore containing trusted self-signed certificates for use in the local network - say mykeystore.jks. I wish to be able to conne

6 Answers
  •  既然无缘
    2020-12-25 15:48

    Although this question is 6 years old, I want to share my solution for this challenge. It uses the same code snippet under the covers from Cody A. Ray which Hugh Jeffner also shared.

    SSLFactory sslFactory = SSLFactory.builder()
        .withDefaultTrustMaterial() // --> uses the JDK trusted certificates
        .withTrustMaterial("/path/to/mykeystore.jks", "password".toCharArray())
        .build();
    
    HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory.getSslSocketFactory());
    

    During the SSL handshake, it will first check whether the server certificate is present in the JDK trusted certificates; if not, it will continue by also checking your custom keystore, and if it doesn't find a match it will fail. You can chain it even further with more custom keystores, PEM files, a list of certificates, etc. See here for other configurations: other possible configurations

    This library is maintained by me and you can find it here: https://github.com/Hakky54/sslcontext-kickstart
