OBS Java SDK supports server-side certificate verification to ensure that OBS is provided by trusted servers. The following details how to configure server certificate verification in Windows. (In Linux, replace %JAVA_HOME% with $JAVA_HOME.)
If the root certificate on the OBS server is issued by an authoritative CA, skip steps 1 to 3. (Root certificates issued by authoritative CAs are in the certificate library of JDK.)
- Obtain the root certificate of the OBS server (for example, open Internet Explorer and choose Internet Options > Content > Certificates to export the certificate) and save it by the name of obs.cer.
- Run the %JAVA_HOME%/bin/keytool -import -alias obs -file obs.cer -storepass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts command to import the certificate.
- Run the %JAVA_HOME%/bin/keytool -list -v -alias obs -storepass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts command to view whether the certificate is successfully imported.
- Set the OBS server to use HTTPS (ObsConfiguration.setHttpsOnly(true)) and enable server certificate verification (ObsConfiguration.setValidateCertificate(true)).