Add certificate to AWS EC2 client

I'm using the EC2 Java classes. To connect to an AWS account successfully, I have to add a certificate (.crt file) to the local Java cacerts file, using the keytool command, which works well when the code runs locally.
The problem is I need the code to run on a server, in which I have no access to the cacerts file, so I'm trying to add the certificate programmatically, using the ClientConfiguration class. I uploaded my cacerts file to the server, the program reads it as a KeyStore object, and creates an SSLSocketFactory instance:

SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "<password>");
ClientConfiguration clientConfig = new ClientConfiguration();
clientConfig.getApacheHttpClientConfig().setSslSocketFactory(socketFactory);
AWSCredentials credentialsProvider = new BasicAWSCredentials("<key>", "<private key>");
AmazonEC2 ec2 = new AmazonEC2Client(credentialsProvider, clientConfig);

But it still produces the HTTP Status 500 - Unable to execute HTTP request: peer not authenticated error.
I have checked that the added certificate alias can be read successfully, with the keystore's getCertificate method.
The "<password>" sent to the SSLSocketFactory constructor is the keystore's password.
Is that the correct way to add a certificate to EC2?

The problem was that the password parameter to the SSLSocketFactory constructor was not needed. Supplying the password to the KeyStore constructor is enough, and for SSLSocketFactory it's simply:

SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
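
An added example, not code from either post: in Apache HttpClient 4.x the one-argument SSLSocketFactory(KeyStore) constructor uses the store as trust material, while the (KeyStore, String) form uses it as client key material, so this JDK-only check confirms that a store file actually yields trust anchors for TLS. The class name TrustStoreCheck, the argument order (path, password, alias) and the default path and password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustStoreCheck {

    // The store password is used here, when the file is read into memory.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Trust managers backed only by the certificates in the given store.
    static TrustManager[] trustManagers(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JDK's bundled cacerts and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = load(path, password);

        if (args.length > 2) {
            // Only a trusted-certificate entry acts as a trust anchor; a key entry does not.
            System.out.println(args[2] + " trusted entry: " + ks.isCertificateEntry(args[2]));
        }
        TrustManager[] tms = trustManagers(ks);
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                int n = ((X509TrustManager) tm).getAcceptedIssuers().length;
                System.out.println("trust anchors available to TLS: " + n);
            }
        }
        // No KeyManager is passed: the store is trust material, not a client identity.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

If the alias check prints false or the anchor count is 0, the uploaded file does not contain the certificate as a trusted entry and the client will still fail the server's chain validation.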
