To import the certificate into your keystore, you will need to run the following command:
The next step is to import this certificate into the keystore file. If you do not use an existing keystore file, a new keystore file will be created for you.
This indicates that Espresso Logic's SSL certificate is not recognized as being signed by a valid authority. This in turn is caused by the Certificate Authority (in this case, GeoTrust) not being (by default) installed as a recognized CA in the Java JDK.
When using your Espresso Logic API, you always have the option of using HTTP (insecure) or HTTPS (secure). If you choose HTTP, you should always remember that the data being passed back and forth between your client and the Espresso Logic server is in the clear. It can conceivably be intercepted and read by third parties.
If you use HTTPS, all communication between your client and the Espresso Logic server will be encrypted, making it impossible (or at least enormously more difficult) for a third party to intercept it and read it.
However, in order for HTTPS to work properly, there needs to be a way to ascertain that the Espresso Logic server is who it says it is. This is done using a certificate, which is issued by a Certificate Authority (CA). In the case of Espresso Logic, this Certificate Authority is GeoTrust.
Other client language environments may need to accept the GeoTrust certificate for SSL to work properly. Each language works differently.
If you just want to get going, follow these two steps:
And that should be it. If you'd like to understand this issue in more depth (recommended if you're going to use this seriously), read on for a lot more details.
Regardless, you'll need to obtain a copy of GeoTrust's certificate. Download it to your local drive and name it e.g.
From now on, we will assume that this file is in
You will also need to make sure that you can run the standard Java tool named
Under Linux, this location will vary widely depending on your distribution. A sample location might be something like
Under OSX, you can typically use $JAVA_HOME to refer to your JDK. A typical installation path would be
Under Windows, a common installation path for the JDK is something like
Once you have located the keytool command, you can continue.
If you already have a CA keystore file, you'll most likely want to use that.
If you do not, then you can use either the JDK/JRE's global CA keystore, or your own.
The global CA certificate keystore is called typically in the
If you use the global keystore, you will affect all Java programs running on your machine. This is typically fine, but in security-critical environments, that may be a problem. Also, you may not have write access to the global keystore file.
If you decide to use your own keystore file (recommended by default), then decide where it should be created, and what name to give it. Its name and location are entirely up to you.
In any case, from this point forward, we will assume that the keystore file is
You may be prompted for a keystore password. If you are using an existing keystore, you'll need to enter its password (hint: the default password for keystores is often
If all goes well, you should see output similar to:
with a lot more information, ending up with the question:
Type yes and hit enter, and you should see:
At this point, you have imported the certificate into the keystore.
If you used the JDK/JRE's CA keystore (cacerts), then you're done: you should be able to make HTTPS call to Espresso Logic's API.
If you used your own keystore, then you'll need to use it in your programs. The two most common ways of doing this are:
When running your program, you can add a command-line parameter pointing to your keystore, e.g.:
You can do the same thing using code, by invoking the following before making any HTTPS calls (this is Java, other JVM languages will vary slightly):
You should now be able to make HTTPS calls to Espresso Logic's API.