Using HttpClient with SSL and certificates
Asked Answered
B

2

1

While I've been familiar with HTTPS and the concept of SSL, I have recently begun some development and found I am a little confused.

The requirement was that I write a small Java application that runs on a machine attached to a scanner. When a document is scanned this is picked up and the file (usually PDF) sent over the internet to our application server that will then process it. I've written the application using Apache Commons libraries and HTTPClient.

The second requirement was to connect over SSL, requiring a certificate. Following guidance on the HTTPclient page I am using AuthSSLProtocolSocketFactory from the contributions page.

The constructor can take a keystore, keystore password, truststore and truststore password. As an initial test our DBA enabled SSL on one of our development webservers and provided me with a .p12 file which when I imported into IE allows me to connect successfully.

I am a bit confused between keystores and truststores and what steps I need to take using the keytool. I tried importing the p12 into a keystore file but get the error:

keytool error: java.lang.Exception: Input not an X.509 certificate

I followed a suggestion of importing the p12 into Internet Explorer and exporting as a .cer which I can then successfully import into a keystore. When I supply this as a keystore argument of the AuthSSLProtocolSocketFactory I get a meaningless errror, but if I try it as a truststore it seems like it reads it fine but ultimately I get

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

I am unsure if I have missed some steps, I am misunderstanding SSL and mutual authentication altogether or this is mis-configuration on the server side.

Can anyone provide suggestions or point me towards resources that might help me figure this out please?

Banshee answered 5/5, 2010 at 15:45 Comment(0)
G
3

The keystore holds your private keys and associated certificates. The truststore hold the certificates that you trust and that can therefore be used for certificate path building and verification.

Here are some links that may be useful:

java.lang.Exception: Input not an X.509 certificate

Import private key and certificate into Java Key Store

Configuring Keystores and Truststores

Gibraltar answered 5/5, 2010 at 15:55 Comment(0)
R
1

make sure your certificate file does not have anything before and after these.

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Rebeckarebeka answered 18/4, 2012 at 17:52 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.