Apache HTTPClient using TLS

Sorry guys, I'm searching all over the internet for this, but I need someone to help me. I've written a client for a particular server and I'm using Apache HTTP client to communicate with it. Now I've put TLS over the communication and I'd like to know how to put my client certificate into the communication in order to use HTTPS. I'm not very confident with the Java keystore et similia, so I need someone to help me.

The keytool manual describes how to manipulate keystores. The method you're interested in is -importcert.

You should first find out where the truststore your client uses is. It can be specified by the -Djavax.net.ssl.trustStore javaopt, or it could be your JDK/JRE installation's default, whose location is <java_home>/jssecacerts or <java_home>/cacerts.

Then you should retrieve the server's certificate. If you can, you should ask the server's admin to provide it in a secure fashion. Otherwise you can contact the server in different ways so it provides its certificate, the easiest being accessing its https interface in a browser.

At this point you can import the certificate in a truststore. If you use an existing truststore like cacerts, the certificate will be added as a new entry, or you can provide a path that corresponds to no file to the -keystore argument, in which case a new truststore with your certificate as its unique entry would be created at this location. I would recommend the latter unless your client will later communicate with CA-trusted servers.

Your keytool command should look something like this:
keytool -importcert -alias <a name for the cert> -file <cert's path> -keystore <truststore's path> -storepass <the truststore's password>

If you create a new truststore, the -storepass provided will unlock it for later uses, and must be specified to your client by the -Djavax.net.ssl.trustStorePassword javaopt. If you use an existing truststore you must provide its password (I believe cacerts' is changeit).
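
Wiring a dedicated truststore like the one created above into Apache HttpClient, as an added example that is not part of the original answer. It assumes HttpClient 4.4 or later, a second keystore that already holds the client's own private key and certificate (what the question asks about), and hypothetical environment variable names TRUSTSTORE_PASS and KEYSTORE_PASS for the passwords.

```java
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class TlsClientExample {

    // Read a store password from the environment (variable names are assumptions)
    // so it does not appear in the process list or shell history.
    static char[] password(String envName) {
        String value = System.getenv(envName);
        if (value == null) {
            throw new IllegalStateException("missing environment variable " + envName);
        }
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TlsClientExample <truststore> <client-keystore> <https-url>");
            System.exit(2);
        }
        File trustStore = new File(args[0]);   // holds the server certificate imported with keytool
        File keyStore = new File(args[1]);     // assumed: holds the client's private key and certificate
        char[] trustPass = password("TRUSTSTORE_PASS");
        char[] keyPass = password("KEYSTORE_PASS");

        // Trust only what is in the dedicated truststore, and present the client
        // certificate from the keystore when the server requests one.
        // Assumes the key entry uses the same password as the keystore itself.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(trustStore, trustPass)
                .loadKeyMaterial(keyStore, keyPass, keyPass)
                .build();

        // The builder's default hostname verifier is left in place, so the server
        // certificate must also match the host name in the URL.
        try (CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
             CloseableHttpResponse response = client.execute(new HttpGet(args[2]))) {
            System.out.println(response.getStatusLine());
            EntityUtils.consume(response.getEntity());
        }
    }
}
```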
